A Case Study Of
INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR
Implemented By
Confidential & Proprietary Documents ALL rights reserved by HCL COMNET Ltd.
Page 1
15/12/2002
DOCUMENT DETAILS

Document Title: IIT Kharagpur Case Study
Version: 1.0
Date: 15/12/2002
Created by: Sukanta Das, Sr. Engineer WAN Operation (E-mail: SukantaD@hclcomnet.co.in)
Project Manager: Mr. Bhaskar Dasgupta, National Project Manager (E-mail: b_dasgupta@hclcomnet.co.in)
Project Members:
    Partha Goswami, RM - TSG (E-mail: ParthaG@hclcomnet.co.in)
    Sudipto Chowdhury, Network Specialist (E-mail: SudiptoC@hclcomnet.co.in)
    Abhijit Datta, Sr. Engineer-WAN Operation (E-mail: AbhijitD@hclcomnet.co.in)
    Sukanta Das, Sr. Engineer-WAN Operation (E-mail: SukantaD@hclcomnet.co.in)
Reference: www.cisco.com
Modified by:
Suggestion / Comments:
TABLE OF CONTENTS

1. Introduction
2. Institute History
3. Campus Location
4. The Networking Era
5. Campus Map
6. The Need
7. Network Design
8. Project Overview
9. How we have implemented the Entire Network
10. IIT Kharagpur Campus Network Schematic
11. Central Network Room Schematic
12. Network Schematic of some Departments
13. Network Schematic of some Hostel/Halls
14. Configuration details of Central Network Equipments
    Academic CORE Switch
    Academic DISTRIBUTION Switch
    Hostel CORE 1
    Hostel CORE 2
    Thaicom Gateway Router 7507
    Cisco PIX Firewall with Failover
    Cisco Catalyst 5509
    VSNL Router
    Cache Engine
15. COMPUTER Sc. 2948 GL3 Distribution Switch Configuration
16. Access/Edge Switch Configuration of some Departments
    ARCHITECTURE
    IE & M
    NAVAL
    CRF
17. Distribution Switch Configuration details of some Hostels
    NEHRU Hall of Residence
    PATEL Hall of Residence
18. Some Important Feature of the Network
    Redundancy of Supervisor Engine
    QOS Implementation
    Cache-Engine Implementation
19. Network Components installed across the Network
20. Appreciation Letter & Sign-Off
21. Glossary
    Cisco Catalyst 6500 Series Data sheet
    Catalyst 600 Family Gigabit Ethernet Module Data Sheet
    Switch Fabric Module Data Sheet
    Distributed Forwarding Card for the Catalyst 6500 Data Sheet
    Catalyst 6000 Intrusion Detection System Module Data Sheet
    Configuring Catalyst 6509 Switch as DHCP Server
1. INTRODUCTION

IIT Kharagpur, located about 125 km south of Calcutta, is India's premier technology institution. Established in 1951, the institute has 18 academic departments and 5 centers of excellence. The vast campus, spanning over 2100 acres, has a self-contained township of over 15,000 inhabitants. Currently there are about 450 faculty, 2200 employees and 4000 students on the campus.

IIT Kharagpur has the best of computing platforms, such as HCL/HP/COMPAQ/IBM/SUN/DIGITAL/SGI/PARAM. There are about 200+ servers, 200+ high-end workstations and 5500+ PCs in the whole network. These are used for high-end computing and R&D activities along with the associated general activities on the campus.

2. INSTITUTE HISTORY

The history of the IIT system dates back to 1946, when a committee was set up by Hon'ble Sir Jogendra Singh, Member of the Viceroy's Executive Council, Department of Education, Health and Agriculture, to consider the setting up of Higher Technical Institutions for post-war industrial development in India. The 22-member committee headed by Sri N.R. Sarkar, in its report, recommended the establishment of four Higher Technical Institutions in the Eastern, Western, Northern and Southern regions, possibly on the lines of the Massachusetts Institute of Technology, USA, with a number of secondary institutions affiliated to it. The report also urged the speedy establishment of all four institutions, with the ones in the East and the West to be started immediately. The committee also felt that such institutes should not only produce undergraduates but should also be engaged in research, producing research workers and technical teachers as well. The standard of the graduates should be on a par with those from first-class institutions abroad. They felt that the proportion of undergraduate to postgraduate students should be 2:1.

With the above recommendations of the Sarkar committee in view, the first Indian Institute of Technology was born in May 1950 in Hijli, Kharagpur, in the eastern part of India. Initially the IIT started functioning from 5, Esplanade East, Calcutta, and very soon shifted to Hijli in Sept. 1950. The present name 'Indian Institute of Technology' was adopted before the formal inauguration of the Institute on August 18, 1951, by Maulana Abul Kalam Azad. IIT Kharagpur started its journey in the old Hijli Detention Camp, where some of our great freedom fighters toiled and sacrificed their lives for the independence of our country. The history of IIT Kharagpur is thus intimately linked with the history of the Hijli Detention Camp. This is possibly one of the very few institutions all over the world which started life in a prison house.

Pandit Nehru in his first convocation address in 1956 said "Here in the place of that Hijli Detention Camp stands the fine monument of India, representing India's urges, India's future in the making. This picture seems to me symbolical of the changes that are coming to India."

3. CAMPUS LOCATION

The Indian Institute of Technology, Kharagpur is located 116 kms. west of the metropolis of Calcutta. Kharagpur is extremely well connected by rail to all the four metropolises, as it lies on the Howrah-Bombay, Howrah-Madras and Delhi-Puri lines. Regular train services to Hyderabad and Bangalore are also available. Fast and regular suburban trains connect Kharagpur to Calcutta. The Institute is situated 4 kms. from the Kharagpur railway station. Autorickshaws and taxis provide reliable, fast, round-the-clock transport between the station and the campus. The Institute also provides regular bus services to the station.

4. IIT Kharagpur NETWORKING ERA (1994-2001)

HCL Comnet set up the first ATM network for IIT Kharagpur in 1996. The network was built with 3 Centralized 100 OC-3 ATM switches on the Core running PNNI routing. The departments had installed a Centralized 100 ATM switch with UNI routing to the core, also acting as a LANE server version. IIT decided to move from ATM to a Gigabit Ethernet backbone. This task was handed over to CMC. However, CMC failed to live up to IIT's expectations. IIT got the product but not the integration expertise. HCL Comnet swung back into action with a tie-up with Cisco and got preferred partner status in the East due to high technical know-how and network design skills. The Academic Campus network Upgradation & Expansion contract was given to HCL Comnet for designing a state-of-the-art Multiservice Network for the Student Campus Network. The next phase was to integrate the Student Campus Network with the Academic Network.

A classic ATM & IP integration was developed as a solution, as ATM was still being extensively used in the existing network for research and development activities. IIT also froze its plans for setting up a new state-of-the-art Computer Center. HCL Comnet designed a state-of-the-art networking infrastructure for the new building, encompassing the entire Data Center & Telecom infrastructure for the IIT campus. HCL Comnet also installed a Satellite Earth Station for providing 5 Mbps of raw Internet bandwidth from the International Network Access Point (NAP) from Thaicom.
5. CAMPUS MAP
6. THE NEED

IIT Kharagpur wanted to computerize its student campus to provide high-speed network connectivity. The idea was to facilitate training, technical education and information sharing through high-speed Internet access, e-mail and access to the existing IIT campus network. The network had to be flexible enough to allow access from each and every student's room in the hostels and provide unrestricted access without necessitating presence at a specific physical location.
7. THE NETWORK DESIGN

The network designed for IIT-Kharagpur is a Multiservice Switched network, which can be used for converging Data, Voice & Video over the IP network. The network is modular and hierarchical with a Multi-Layer model.

Core Layer:
(A) High-speed transport.
(B) Redundant with dual homing from the Distribution.
(C) OSPF routing with load balancing.

Distribution Layer:
(A) L3/L4 switching enabling Policy based Networking.
(B) Content Engine at Edges for Content delivery networking.
(C) Gigabit speed connectivity to the Access layer.
(D) Fast converging routing protocol for optimal IP traffic management.
(E) Inter VLAN routing and VACLs.

Access Layer:
(A) 10/100 Mbps Fast Ethernet access to the desktop.
(B) Inline power for powering IP phones over copper cables.
(C) Layer 2 QoS.

Server Farm:
(A) High-speed access to centralized computing resources.
(B) Accelerated Server Load Balancing.
(C) WCCP 2 support for web redirection.
(D) Real time Intrusion Monitoring.
(E) Faster access through Giga Etherchannel.

Video Services:
(A) Multiservice Video streaming services.
(B) Video on demand.
(C) Archive for Media files.

Content Delivery Services:
(A) Smart content pushing.
(B) Pre-emptive content delivery.
(C) Reduce the access time.
(D) Centralized Content Manager.
(E) Local caching of frequently accessed content.
(F) Saves costly Internet Bandwidth.

Gateway Router:
(A) Load sharing & Load balancing.
(B) Network based application recognition.
(C) Committed access rate & WAN traffic shaping.
(D) WAN probe for bandwidth monitoring of Satellite bandwidth.
8. PROJECT OVERVIEW

Phase I - Academic Part:

HCL COMNET installed a high-speed ATM backbone in 1997, built with ATM switches and managed hubs. Later, in 1999, the backbone link speed was upgraded to Gigabit Ethernet by CMC. Two Cisco 6006 switches were used as Core switches. The Edge switches were Cisco 2924 MXL, providing the main departmental distribution. The edge access devices were hubs. The Internet link was terminated at the Cisco 5509 switch. The existing ATM network was also integrated at the Cisco 5509 switch. In 2001 the network was upgraded with the following functionality:

a) The network was upgraded from layer II to layer III by changing the supervisory engine of the existing 6006 switch.
b) A new 6506 switch was also installed for the distribution, which does the interdepartmental VLAN routing.
c) Six major department distribution switches were upgraded to layer III Cisco 2948 switches.
d) To enable multiple VLANs in a single department, the previous 2924 MXL switch was replaced by a 3524 switch.
e) The previous departmental 10 base FL link was upgraded to Gigabit Ethernet by replacing the hub with a redundant 2924 MXL switch.
f) To integrate multiple Distribution switches at CIC, one Core switch (Cisco 6509) has been installed at the central network room.

Each year lightning damaged a lot of active components. It was identified that surges mainly came in over external copper links such as UTP and Thick Ethernet. These links have been upgraded to optical fiber to avoid the repeated problem. We have also installed stand-alone UPS units on the input of switches where central UPS power is not available.

Phase II - Hostel/Foundation Part:

The student hostels were integrated with the computer center and server farm through high-speed Gigabit infrastructure. The hostels were interlinked with Layer-3 aggregation switches and local servers. Edge switches, which connect to the student workstations, aggregated the end connections to the Distribution Switch (Cat-6509).

Two high-speed Layer-3 Core Switches were installed at the central site for redundancy. The Core switches facilitated high-speed transport for the campus infrastructure. Common servers in the network were connected to a high-speed Server-Farm (Cat-6506) switch. An intrusion detection system ensured security on the server-farm switch. An ATM MPOA server was deployed to integrate the existing R&D ATM network into the Gigabit network. The voice, video and data applications were integrated with a converged Internet Protocol (IP) solution to provide a high-availability network with a video server facility for lectures and self-study materials. High-speed Content Engines were deployed in all the hostels for caching multimedia information. A central Content Distribution Manager provided centralized control, push-pull facility and content management across the network. A redundant Firewall (PIX-525) was installed for secure access to the Internet as well as the Intranet. Access to the Core network was controlled at the Distribution switches through access control lists. Cisco Secure Policy Manager was used to manage the security policy across the network. The Trend Micro Enterprise Suite is yet to be installed for centralized virus control. Modular, cost-effective growth was proposed in end connections, bandwidth and applications. The current network infrastructure is scalable to a 10 Gigabit Ethernet network.
9. How we have implemented the Entire Network

We set up a test bed in the Mechanical Dept. of IIT Kharagpur to implement the Hostel Network and connect it to the Academic network.
[Figure: test-bed schematic, image not preserved. Labels recovered: Core Switch(1) 6509 and Core Switch(2) 6509; VLAN 600, VLAN 601, VLAN 602, VLAN 604; port 3/1, 3/2 and 3/3 link addresses 10.200.1.1, 10.200.1.2, 10.200.2.2, 10.200.3.1, 10.200.3.2, 10.200.4.1, 10.200.4.2, 10.200.5.1; OSPF Area 0, Area 1, Area 2; Edge Switch 3524 with ports 1-12 in VLAN 700-710 and ports 13-24 in VLAN 711-720.]
[Figure: central network schematic, image not preserved. Labels recovered: ATM Switch; Cisco 4006; CORE 2; 5 Mbps Thaicom Link; Server Farm; Servers; Cisco 7507 Gateway Router; Cache Engine; Content Engine; Edge Switch (Hostel); ATM Switch; Failover; C-DOT HUB; PIX; Cat-1924; Academic CORE 6509; CE-590; Satellite Modem; DVB Receiver; Network Lab Cat-3524; 14 Hostel Dist. Switches. Port and interface labels: 4/15, 1-6, Port-9, Port-11, 18-23, 3/1, 3/2, 3/3, 3/13, 3/15, 3/16, G 0/1, F.E 1/0/0, S 1/1/0.]

[Figure: LIBRARY schematic, image not preserved. Labels recovered: 6 Core SMF from CIC; Cat 2948 L3 Switch 10.17.1.2; ELECTRONIC LIBRARY MEZZANINE FLOOR; Cat 1924 Switch 10.17.2.1; Cat 1924 Switch 10.17.3.1; 8 Port HUB Chairman Room; 8 Port HUB Near Gate; 8 Port HUB K.K. Panda Room.]

[Figure: ELECTRICAL schematic, image not preserved. Labels recovered: 12 Core SMF from CIC; TDM Lab; N 237; 16 Port HUB.]

[Figure: CIVIL schematic, image not preserved. Labels recovered, in extraction order: 6 Core MMF; Cat 3524 XL EN (10.19.1.1); Computer Room; Cat 1924 Switch (10.19.4.1); 2nd Floor Environmental Lab; Cat 1924 Switch (10.19.3.1); Computer Room; 8 Port HUB; Transportation Lab; Cat 1924 Switch (10.19.2.1); Foundation Engg.; FMT-1; FMT-2; UP-Link Crossover UTP Cable; E 0/24; Room C-206 1st Floor; Cat-1924 (10.27.2.1).]

[Figure: CRF schematic, image not preserved. Labels recovered, in extraction order: ST-ST; ST-SC; F 0/24; Cat 3524 XL EN (10.24.1.1); Access-VLAN 17 from CIC Distribution 4/11; G 0/1; Fiber Optic Lab Ground Floor; Cat 2924 MXL (10.42.1.2); Cat 1924 (10.24.2.1); UP-Link Crossover UTP Cable; F 0/24; CRF; OSTC 1st Floor; 16 Port HUB.]

[Figure: MINING, FOUNDRY, WATER WORKS schematic, image not preserved. Labels recovered, in extraction order: 6 Core SMF from CIC; 6 Core SMF; MINING; FOUNDRY; Towards Foundry; ST-SC; Towards Water Works; MC FO-UTP; MC UTP-FO; 6 Core SMF; 8 Port HUB HOD Room; 8 Port HUB Prof. J.B's Room; 8 Port HUB Research Scholar Room; MC FO-UTP; WATER WORKS.]

[Figure: IE & M, VGSOM, CRYOGENIC schematic, image not preserved. Labels recovered, in extraction order: 12 Core SMF from CIC; 6 Core towards VGSOM; VGSOM Gnd Floor Computer Lab; Cat 3524 XL EN (10.43.1.1); 6 Core Fiber towards ISRO; IE & M; VGSOM; CRYOGENIC; SC-SC; Trunk VLAN 23/24 from CIC Dist. 3/8; Computer Room 1st Floor; F 0/24; ST-ST; MC FO-UTP; MC UTP-FO; UP-Link Crossover UTP Cable; PED Lab 1st Floor; Cat-1924 (10.36.2.1).]

[Figure: schematic, image not preserved. Labels recovered: AUI/FL; Cat 3524 XL EN (10.23.1.1); MATH-LAB-1.]
[Figure: hostel schematic, image not preserved. Labels recovered: PORT 3/11; VLAN 632; 6509 CORE 1; VLAN 631; 6509 CORE 2; 6509 DISTRIBUTION; 3/10, 3/8, 3/9. Edge switches as labelled:]

Block | Floor | VLAN | Management IP | Host name
S-BLOCK | 1ST+2ND FL | 753 | 10.200.1.5 | BCR_S_1ST
NE-BLOCK | GND FL | 754 | 10.200.1.6 | BCR_NE_GND
NW-BLOCK | GND FL | 756 | 10.200.1.8 | BCR_NW_GND

[Figure: hostel schematic, image not preserved. Labels recovered: PORT 3/1; VLAN 612; 6509 CORE 1; VLAN 611; 6509 CORE 2; 6509 DISTRIBUTION; 3/10, 3/8, 3/9. Edge switches as labelled:]

Block | Floor | VLAN | Management IP | Host name
A-BLOCK | GND FL | 830 | 10.200.1.100 | AZAD_A_GND
C-BLOCK | GND FL | 834 | 10.200.1.91, 10.200.1.92 | AZAD_C_GND, AZAD_C_GND1
C-BLOCK | 2ND FL | 836 | 10.200.1.94, 10.200.1.95 | AZAD_C_2ND, AZAD_C_2ND1
D-BLOCK | GND FL | 837 | 10.200.1.96 | AZAD_D_GND
D-BLOCK | 1ST FL | 838 | 10.200.1.97, 10.200.1.98 | AZAD_D_1ST, AZAD_D_1ST1
D-BLOCK | 2ND FL | 839 | 10.200.1.99 | AZAD_D_2ND

[Figure: hostel schematic, image not preserved. Labels recovered: PORT 3/12; VLAN 634; 6509 CORE 1; VLAN 633; 6509 CORE 2; 6509 DISTRIBUTION; 3/7, 3/6, 3/3, 3/4, 3/5. Edge switch as labelled:]

Block | Floor | VLAN | Management IP | Host name
S-BLOCK | GND+1ST FL | 742 | 10.200.1.58 | SN_S_GND

[Figure: hostel schematic, image not preserved. Labels recovered: PORT 3/13; VLAN 636; 6509 CORE 1; VLAN 635; 6509 CORE 2; 6509 DISTRIBUTION; 3/10, 3/8, 3/9. Edge switches as labelled:]

Block | Floor | VLAN | Management IP | Host name
A-BLOCK | GND FL | 811 | 10.200.1.69, 10.200.1.70 | MT_A_GND, MT_A_GND1
B-BLOCK | GND FL | 812 | 10.200.1.71, 10.200.1.72 | MT_B_GND, MT_B_GND1
C-BLOCK | GND FL | 813 | 10.200.1.73, 10.200.1.74 | MT_C_GND, MT_C_GND1

[Figure: hostel schematic, image not preserved. Labels recovered: PORT 3/2; VLAN 614; 6509 CORE 1; VLAN 613; 6509 CORE 2; 6509 DISTRIBUTION; 3/10, 3/8, 3/9. Edge switches as labelled:]

Block | Floor | VLAN | Management IP | Host name
A-BLOCK | GND FL | 815 | 10.200.1.75 | NEHRU_A_GND
B-BLOCK | GND FL | 816 | 10.200.1.76 | NEHRU_B_GND
B-BLOCK | 1ST FL | 817 | 10.200.1.77 | NEHRU_B_1ST
B-BLOCK | 2ND FL | 818 | 10.200.1.78 | NEHRU_B_2ND
C-BLOCK | GND FL | 819 | 10.200.1.79, 10.200.1.80 | NEHRU_C_GND, NEHRU_C_GND1
C-BLOCK | 1ST FL | 820 | 10.200.1.81 | NEHRU_C_1ST
C-BLOCK | 2ND FL | 821 | 10.200.1.82, 10.200.1.83 | NEHRU_C_2ND, NEHRU_C_2ND1
D-BLOCK | GND FL | 822 | 10.200.1.84 | NEHRU_D_GND
C-BLOCK | 2ND FL | 824 | 10.200.1.86, 10.200.1.87 | NEHRU_D_1ST, NEHRU_D_1ST1
D-BLOCK | 2ND FL | 823 | 10.200.1.85 | NEHRU_D_2ND

[Figure: hostel schematic, image not preserved. Labels recovered: PORT 3/3; VLAN 616; 6509 CORE 1; VLAN 615; 6509 CORE 2; 6509 DISTRIBUTION; 3/10, 3/8, 3/9. Edge switches as labelled:]

Block | Floor | VLAN | Management IP | Host name
A-BLOCK | GND FL | 785 | 10.200.1.53 | PATEL_A_GND
B-BLOCK | GND FL | 786 | 10.200.1.54 | PATEL_B_GND
B-BLOCK | 1ST FL | 787 | 10.200.1.42 | PATEL_B_1ST
B-BLOCK | 2ND FL | 788 | 10.200.1.43 | PATEL_B_2ND
C-BLOCK | GND FL | 789 | 10.200.1.44, 10.200.1.45 | PATEL_C_GND, PATEL_C_GND1
C-BLOCK | 2ND FL | 791 | 10.200.1.48, 10.200.1.49 | PATEL_C_2ND, PATEL_C_2ND1
D-BLOCK | GND FL | 792 | 10.200.1.50 | PATEL_D_GND
D-BLOCK | 2ND FL | 794 | 10.200.1.52 | PATEL_D_2ND
14. CONFIGURATION DETAILS OF CENTRAL NETWORK EQUIPMENTS

(A) Academic CORE Cisco Catalyst 6509 Switch:

    Console> (enable) show config
    This command shows non-default configurations only.
    Use 'show config all' to show both default and non-default configurations.
    ..................
    begin
    !
    # ***** NON-DEFAULT CONFIGURATION *****
    !
    !
    #time: Thu Dec 19 2002, 03:25:14
    !
    #version 6.1(3)
    !
    !
    #system web interface version Engine: 5.3 ADP device: Cat6000 ADP Version: 1.5 ADK: 40
    !
    set password $2$0GhI$SVVAsoF8Uk5E5KgUsNiVM1
    set enablepass $2$bD0w$qTOAn.ueBMmhNvHxpo7B10
    !
    #errordetection
    set errordetection portcounter enable
    !
    #!
    #snmp
    set snmp community read-write patel
    set snmp rmon enable
    set snmp trap enable module
    set snmp trap enable chassis
    set snmp trap enable bridge
    set snmp trap enable repeater
    set snmp trap enable vtp
    set snmp trap enable auth
    set snmp trap enable ippermit
    set snmp trap disable vmps
    set snmp trap enable entity
    set snmp trap enable config
    set snmp trap enable stpx
    set snmp trap enable syslog
    set snmp trap 10.211.1.101 patel
    !
    #vtp
    set vtp domain FOUNDATION_CORE1
    set vlan 1 name default type ethernet mtu 1500 said 100001 state active
    set vlan 2 name ernet type ethernet mtu 1500 said 100002 state active
    set vlan 3 name gsst type ethernet mtu 1500 said 100003 state active
    set vlan 8 name CET type ethernet mtu 1500 said 100008 state active
    set vlan 13 name chemical type ethernet mtu 1500 said 100013 state active
    set vlan 24 name civil type ethernet mtu 1500 said 100024 state active
    set vlan 38 name csestaff type ethernet mtu 1500 said 100038 state active
    set vlan 39 name csefaculty type ethernet mtu 1500 said 100039 state active
    set vlan 100 name cic_server type ethernet mtu 1500 said 100100 state active
    set vlan 500 name cicdist type ethernet mtu 1500 said 100500 state active
    set vlan 501 name dist_elec type ethernet mtu 1500 said 100501 state active
    set vlan 502 name library type ethernet mtu 1500 said 100502 state active
    set vlan 503 name core_csc type ethernet mtu 1500 said 100503 state active
    set vlan 504 name core_mech type ethernet mtu 1500 said 100504 state active
    set vlan 507 name Foundation_core type ethernet mtu 1500 said 100507 state active
    set vlan 508 name academic_core type ethernet mtu 1500 said 100508 state active
    set vlan 509 name Newcic_dist type ethernet mtu 1500 said 100509 state active
    set vlan 605 name serverfarm type ethernet mtu 1500 said 100605 state active
    set vlan 640 name hall_server type ethernet mtu 1500 said 100640 state active
    set vlan 641 name contentengine type ethernet mtu 1500 said 100641 state active
    set vlan 645 name Thaicom type ethernet mtu 1500 said 100645 state active
    set vlan 650 name Firewall type ethernet mtu 1500 said 100650 state active
    set vlan 721 name d1_2_core type ethernet mtu 1500 said 100721 state active
    set vlan 722 name d2_2_core type ethernet mtu 1500 said 100722 state active
    set vlan 761 name RP type ethernet mtu 1500 said 100761 state active
    set vlan 900 name mech204 type ethernet mtu 1500 said 100900 state active
    set vlan 901 name mech205 type ethernet mtu 1500 said 100901 state active
    set vlan 910 name 7500 type ethernet mtu 1500 said 100910 state active
    set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
    set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active stp ieee
    set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active stp ibm
    set vlan 800,999
    set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active mode srb aremaxhop 0 stemaxhop 0 backupcrf off
    !
    #ip
    set interface sc0 1 10.200.1.253/255.255.255.0 10.200.1.255
    set ip route 0.0.0.0/0.0.0.0 10.200.1.2
    !
    #set boot command
    set boot config-register 0x2
    set boot system flash bootflash:cat6000-sup2cvk9.6-1-3.bin
    !
    #qos
    set qos enable
    !
    # default port status is enable
    !
    !
    #module 1 : 2-port 1000BaseX Supervisor
    set vlan 650 1/1-2
    set port trap 1/1-2 enable
    set trunk 1/1 on isl 1-1005,1025-4094
    !
    #module 2 : 2-port 1000BaseX Supervisor
    set port trap 2/1-2 enable
    !
    #module 3 : 16-port 1000BaseX Ethernet
    set vlan 650 3/16
    set port trap 3/1-16 enable
    set udld enable 3/10-11,3/15-16
    clear trunk 3/1 2-507,509-639,642-760,762-1005,1025-4094
    set trunk 3/1 on isl 1,508,640-641,761
    clear trunk 3/2 2-506,508-639,642-760,762-1005,1025-4094
    set trunk 3/2 on isl 1,507,640-641,761
    clear trunk 3/3 1025-4094
    set trunk 3/3 on isl 1-1005
    clear trunk 3/4 1-500,502-1005,1025-4094
    set trunk 3/4 on isl 501
    clear trunk 3/5 1,3-37,40-497,500-502,504-644,646-1005,1025-4094
    set trunk 3/5 on isl 2,38-39,498-499,503,645
    clear trunk 3/6 1025-4094
    set trunk 3/6 on isl 1-1005
    clear trunk 3/7 2-99,101-604,606-639,642-799,801-1005,1025-4094
    set trunk 3/7 on isl 1,100,605,640-641,800
    clear trunk 3/8 1,3-99,101-503,505-639,641-1005,1025-4094
    set trunk 3/8 on isl 2,100,504,640
    clear trunk 3/9 1,3-501,503-1005,1025-4094
    set trunk 3/9 on isl 2,502
    clear trunk 3/10 1025-4094
    set trunk 3/10 on isl 1-1005
    clear trunk 3/11 1-1005,1025-4094
    set trunk 3/11 auto negotiate
    clear trunk 3/12 1-1005,1025-4094
    set trunk 3/12 auto negotiate
    clear trunk 3/13 1025-4094
    set trunk 3/13 on isl 1-1005
    clear trunk 3/14 1-1005,1025-4094
    set trunk 3/14 auto negotiate
    clear trunk 3/15 1-1005,1025-4094
    set trunk 3/15 auto negotiate
    clear trunk 3/16 1-909,911-1005,1025-4094
    set trunk 3/16 on isl 910
    set port qos 3/1-16 policy-source local
    !
    #module 4 : 16-port 1000BaseX Ethernet
    set vlan 650 4/15-16
    set port trap 4/1-16 enable
    set udld enable 4/14
    set port qos 4/15-16 vlan-based
    !
    #module 5 : 0-port Switch Fabric Module
    !
    #module 6 empty
    !
    #module 7 empty
    !
    #module 8 empty
    !
    #module 9 empty
    !
    #module 15 : 1-port Multilayer Switch Feature Card
    !
    #module 16 : 1-port Multilayer Switch Feature Card
    end

    Trying Router-15...
    Connected to Router-15.
    Escape character is '^]'.
    NEWCIC_CORE>en
    Password:
    NEWCIC_CORE#sh run
    Building configuration...
    Current configuration : 3459 bytes
    !
    ! No configuration change since last restart
    !
    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname NEWCIC_CORE
    !
    boot system flash bootflash:c6msfc2-psv-mz.121-7a.E1
    enable password core1
    !
    clock calendar-valid
    ip subnet-zero
    ip wccp web-cache
    !
    !
    no ip finger
    !
    ip multicast-routing
    !
    !
    !
    interface Vlan13
     description chem
     ip address 10.20.1.2 255.255.0.0
     ip helper-address 10.17.32.156
     ip nat inside
    !
    interface Vlan100
     description CICSERVER_VLAN
     ip address 10.2.1.2 255.255.0.0
    !
    interface Vlan498
     description interdep1_vlan
     ip address 10.3.16.2 255.255.255.0
    !
    interface Vlan499
     description interdep2_vlan
     ip address 10.3.17.2 255.255.255.0
    !
    interface Vlan500
     description connectivity to CIC_dist
     ip address 10.151.1.2 255.255.0.0
     ip helper-address 10.17.32.156
     ip directed-broadcast
    !
    interface Vlan501
     description electrical distribution
     ip address 10.150.1.2 255.255.0.0
    !
    interface Vlan502
     description library_distribution
     ip address 10.152.1.2 255.255.0.0
     ip helper-address 10.17.32.156
     ip directed-broadcast
    !
    interface Vlan503
     description core_csc_vlan
     ip address 10.153.1.2 255.255.0.0
    !
    interface Vlan504
     description core_mech_vlan
     ip address 10.154.1.2 255.255.0.0
     ip pim dense-mode
    !
    interface Vlan507
     description Newciccore_to_Foundationcore
     ip address 10.200.7.1 255.255.255.0
     ip pim dense-mode
    !
    interface Vlan508
     description ** ACADEMIC CORE TO FOUNDATION CORE1 **
     ip address 10.200.8.1 255.255.255.0
     ip pim dense-mode
    !
    interface Vlan509
     description ** ACADEMIC CORE TO FOUNDATION CORE2 **
     ip address 10.200.9.1 255.255.255.0
     ip pim dense-mode
    !
    interface Vlan605
     description ** TEST BED CONNECTIVITY **
     ip address 10.200.6.1 255.255.255.0
    !
    interface Vlan641
     ip address 10.129.50.2 255.255.255.0
     ip route-cache same-interface
    !
    interface Vlan645
     description THAICOM
     ip address 61.11.251.1 255.255.255.0 secondary
     ip address 202.131.126.1 255.255.255.0 secondary
     ip address 202.131.127.1 255.255.255.0 secondary
     ip address 203.192.37.1 255.255.255.0
     no ip redirects
     no ip unreachables
    !
    interface Vlan650
     description firewall_vlan
     ip address 10.250.1.4 255.255.255.0
     ip access-group 160 out
     ip wccp web-cache redirect out
     ip pim dense-mode
    !
    router ospf 109
     log-adjacency-changes
     network 10.0.0.0 0.255.255.255 area 0
     network 61.11.251.0 0.0.0.255 area 251
     network 202.131.126.0 0.0.0.255 area 126
     network 202.131.127.0 0.0.0.255 area 127
     network 203.192.37.0 0.0.0.255 area 37
     default-information originate
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 10.250.1.2 150
    ip route 10.100.11.225 255.255.255.255 10.200.9.2
    no ip http server
    !
    access-list 160 permit ip 10.107.15.0 0.0.0.255 any
    access-list 160 permit ip 10.107.10.0 0.0.0.255 any
    access-list 160 permit ip 144.16.0.0 0.0.255.255 any
    access-list 160 permit ip 10.0.0.0 0.63.255.255 any
    access-list 160 permit ip 10.128.0.0 0.127.255.255 any
    access-list 160 permit ip 10.96.0.0 0.31.255.255 any time-range halltime
    access-list 160 permit ip 61.11.251.0 0.0.0.255 any
    access-list 160 permit ip 203.192.37.0 0.0.0.255 any
    access-list 160 permit ip 202.131.126.0 0.0.0.255 any
    access-list 160 permit ip 202.131.127.0 0.0.0.255 any
    snmp-server community public RO
    !
    !
    line con 0
     transport input none
    line vty 0 4
     login
    !
    time-range halltime
     periodic weekdays 0:00 to 8:00
     periodic weekend 0:00 to 23:59
     periodic weekdays 17:30 to 23:59
    !
    end
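A hardening review of a listing like the one above would start with its management-plane settings: the read-write SNMP community on the supervisor, the cleartext `enable password` on the MSFC, the default `public` community with no access list, `ip directed-broadcast` on two VLAN interfaces, and a `line vty` block without an `access-class`. The following Python audit is an added example, not part of the original case study and not HCL Comnet or Cisco tooling. The rule names, the `Finding` type and both sample configurations are constructed for illustration, and the input is assumed to have one command per line with IOS-style indentation.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    line: int    # 1-based line number in the audited text
    rule: str    # rule identifier (names invented for this example)
    detail: str  # description, with any secret value left out


# Constructed sample modelled on the listing above; secrets are placeholders.
WEAK = """\
set snmp community read-write EXAMPLE-RW
set snmp trap enable auth
!
no service password-encryption
enable password EXAMPLE-ENABLE
!
interface Vlan500
 ip address 10.151.1.2 255.255.0.0
 ip directed-broadcast
!
snmp-server community public RO
!
line con 0
 transport input none
line vty 0 4
 login
!
end
"""

# Constructed counterpart with the same features configured defensively.
HARDENED = """\
enable secret 5 EXAMPLE-HASH
!
interface Vlan500
 ip address 10.151.1.2 255.255.0.0
 no ip directed-broadcast
!
access-list 10 permit 10.2.1.0 0.0.0.255
snmp-server community EXAMPLE-RO RO 10
!
line vty 0 4
 access-class 10 in
 login
!
end
"""

DEFAULT_COMMUNITIES = {"public", "private"}


def audit(config: str) -> list:
    """Return Finding tuples for CatOS/IOS text, sorted by line number."""
    findings, iface, vty = [], None, None  # vty = [line_no, header, has_acl]

    def close_vty():
        nonlocal vty
        if vty and not vty[2]:
            findings.append(Finding(vty[0], "VTY-NO-ACL",
                                    f"'{vty[1]}' has no access-class"))
        vty = None

    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or CatOS comment
            continue
        if not raw[0].isspace():               # top-level line ends any block
            close_vty()
            iface = None
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif re.match(r"line vty ", line):
            vty = [n, line, False]
        elif vty and line.startswith("access-class "):
            vty[2] = True
        elif iface and line == "ip directed-broadcast":
            findings.append(Finding(n, "DIRECTED-BROADCAST",
                                    f"{iface} forwards directed broadcasts"))
        elif m := re.match(r"enable password (?:(\d+) )?\S+$", line):
            kind = "reversible type 7" if m.group(1) == "7" else "cleartext"
            findings.append(Finding(n, "ENABLE-PASSWORD",
                                    f"{kind} enable password; use enable secret"))
        elif m := re.match(r"set snmp community (read-write(?:-all)?) \S+", line):
            findings.append(Finding(n, "CATOS-SNMP-RW",
                                    f"{m.group(1)} community is set"))
        elif m := re.match(r"snmp-server community (\S+)(.*)", line):
            opts = m.group(2).split()
            if "view" in opts:                 # drop the 'view <name>' pair
                i = opts.index("view")
                del opts[i:i + 2]
            if m.group(1).lower() in DEFAULT_COMMUNITIES:
                findings.append(Finding(n, "SNMP-DEFAULT-COMMUNITY",
                                        "well-known community string in use"))
            if not [o for o in opts if o.lower() not in ("ro", "rw")]:
                findings.append(Finding(n, "SNMP-NO-ACL",
                                        "community has no access list attached"))
    close_vty()
    return sorted(findings)


if __name__ == "__main__":
    for f in audit(WEAK):
        print(f"line {f.line}: {f.rule}: {f.detail}")
```

Findings carry the line number and a description only, so the report can be shared without repeating the community strings or passwords it flags.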
(B)
Console> (enable) sh config
This command shows non-default configurations only.
Use 'show config all' to show both default and non-default configurations.
.........
..................
..................
..................
..................
..................
..................
begin
!
# ***** NON-DEFAULT CONFIGURATION *****
!
!
#time: Thu Dec 19 2002, 04:30:49
!
#version 6.1(1b)
!
!
#errordetection
set errordetection portcounter enable
!
#!
#vtp
set vtp domain NEWCICDIST
set vlan 1 name default type ethernet mtu 1500 said 100001 state active
set vlan 2 name ernet type ethernet mtu 1500 said 100002 state active
set vlan 3 name gsst_private_ip type ethernet mtu 1500 said 100003 state active
set vlan 4 name math type ethernet mtu 1500 said 100004 state active
set vlan 5 name CIC_VLAN type ethernet mtu 1500 said 100005 state active
set vlan 6 name vgsom type ethernet mtu 1500 said 100006 state active
set vlan 7 name physics type ethernet mtu 1500 said 100007 state active
set vlan 8 name CET type ethernet mtu 1500 said 100008 state active
set vlan 9 name chemistry type ethernet mtu 1500 said 100009 state active
set vlan 10 name IEM type ethernet mtu 1500 said 100010 state active
set vlan 11 name naval type ethernet mtu 1500 said 100011 state active
set vlan 12 name aerospace type ethernet mtu 1500 said 100012 state active
set vlan 13 name chemical type ethernet mtu 1500 said 100013 state active
set vlan 14 name matsc type ethernet mtu 1500 said 100014 state active
set vlan 15 name metal type ethernet mtu 1500 said 100015 state active
set vlan 16 name mining type ethernet mtu 1500 said 100016 state active
set vlan 17 name crf type ethernet mtu 1500 said 100017 state active
set vlan 18 name architecture type ethernet mtu 1500 said 100018 state active
set vlan 19 name step type ethernet mtu 1500 said 100019 state active
set vlan 20 name GEOLOGY type ethernet mtu 1500 said 100020 state active
set vlan 21 name RTC type ethernet mtu 1500 said 100021 state active
set vlan 22 name HUMANITY type ethernet mtu 1500 said 100022 state active
set vlan 23 name CRYOGENIC type ethernet mtu 1500 said 100023 state active
set vlan 24 name CIVIL type ethernet mtu 1500 said 100024 state active
set vlan 25 name Agriculture_PHTC type ethernet mtu 1500 said 100025 state active
set vlan 26 name infocell type ethernet mtu 1500 said 100026 state active
set vlan 30 name PCLAB1 type ethernet mtu 1500 said 100030 state active
set vlan 31 name PCLAB2 type ethernet mtu 1500 said 100031 state active
set vlan 32 name WORKSTATION type ethernet mtu 1500 said 100032 state active
set vlan 33 name TERMINAL type ethernet mtu 1500 said 100033 state active
set vlan 34 name STAFF type ethernet mtu 1500 said 100034 state active
set vlan 35 name VLSI type ethernet mtu 1500 said 100035 state active
set vlan 36 name ADVLSI type ethernet mtu 1500 said 100036 state active
set vlan 37 name MEDIALAB type ethernet mtu 1500 said 100037 state active
set vlan 38 name CSESTAFF type ethernet mtu 1500 said 100038 state active
set vlan 39 name CSEFACULTY type ethernet mtu 1500 said 100039 state active
set vlan 40 name smt type ethernet mtu 1500 said 100040 state active
set vlan 50 name abcd type ethernet mtu 1500 said 100050 state active
set vlan 51 name LAB1_SIT type ethernet mtu 1500 said 100051 state active
set vlan 52 name SERVER1s_SIT type ethernet mtu 1500 said 100052 state active
set vlan 53 name SERVER1p_SIT type ethernet mtu 1500 said 100053 state active
set vlan 54 name LAB2_SIT type ethernet mtu 1500 said 100054 state active
set vlan 55 name SERVER2s_SIT type ethernet mtu 1500 said 100055 state active
set vlan 56 name SERVER2p_SIT type ethernet mtu 1500 said 100056 state active
set vlan 57 name INCUBIT_SIT type ethernet mtu 1500 said 100057 state active
set vlan 58 name FACULTY_SIT type ethernet mtu 1500 said 100058 state active
set vlan 59 name STAFF_SIT type ethernet mtu 1500 said 100059 state active
set vlan 60 name PROJECT_SIT type ethernet mtu 1500 said 100060 state active
set vlan 61 name FPGA_SIT type ethernet mtu 1500 said 100061 state active
set vlan 100 name CICSERVER type ethernet mtu 1500 said 100100 state active
set vlan 498 name interdep1 type ethernet mtu 1500 said 100498 state active
set vlan 499 name interdep2 type ethernet mtu 1500 said 100499 state active
set vlan 500 name CIC_to_core type ethernet mtu 1500 said 100500 state active
set vlan 505 name CORE_NEWCICDIST type ethernet mtu 1500 said 100505 state active
set vlan 506 name NEWCIC_SERVER2948 type ethernet mtu 1500 said 100506 state active
set vlan 509 name NEWCICCORE_NEWCICDIST type ethernet mtu 1500 said 100509 state active
set vlan 645 name THAICOM type ethernet mtu 1500 said 100645 state active
set vlan 650 name firewall type ethernet mtu 1500 said 100650 state active
set vlan 761 name RP type ethernet mtu 1500 said 100761 state active
set vlan 872 name RCC_VLAN type ethernet mtu 1500 said 100872 state active
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active stp ieee
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active stp ibm
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active mode srb aremaxhop 0 stemaxhop 0 backupcrf off
!
#ip
set interface sc0 1 10.200.1.251/255.255.255.0 10.200.1.255
set ip route 0.0.0.0/0.0.0.0 10.200.1.2 ! #set boot command set boot config-register 0x2 set boot system flash bootflash:cat6000-sup.6-1-1b.bin ! # default port status is enable ! ! #module 1 : 2-port 1000BaseX Supervisor set vlan 2 1/1-2 set trunk 1/1 off negotiate 1-1005,1025-4094 set trunk 1/2 off negotiate 1-1005,1025-4094 ! #module 2 : 2-port 1000BaseX Supervisor set vlan 2 2/2 clear trunk 2/1 4-7,9-499,501-1005,1025-4094 set trunk 2/1 on isl 1-3,8,500 set trunk 2/2 off negotiate 1-1005,1025-4094 ! #module 3 : 16-port 1000BaseX Ethernet set vlan 2 3/1,3/10 set vlan 8 3/5 set vlan 9 3/6 set vlan 14 3/11 set vlan 15 3/12 set vlan 16 3/13 set vlan 17 3/14 set vlan 18 3/15 set vlan 19 3/16 set vlan 50 3/2-4,3/7-9 set port name 3/1 OLD_CIC_ACCESS set port name 3/2 PCLAB1_RACK1A_TRUNK set port name 3/3 PCLAB1_RACK2_TRUNK set port name 3/4 PCLAB2_RACK1_TRUNK set port name 3/5 PCLAB2_RACK2_TRUNK set port name 3/6 WKSTLAB_RACK1_TRUNK set port name 3/7 WKSTLAB_RACK2_TRUNK set port name 3/8 CRYOGENIC_TRUNK set port name 3/11 VLSI_GND_TRUNK set port name 3/12 CET_TRUNK set port name 3/13 ACADEMIC_CORE_TRUNK set port name 3/14 AdvVLSI_GND_TRUNK set port name 3/15 RCC_TRUNK set port name 3/16 NETWORK-ROOM_TRUNK clear trunk 3/1 1-1005,1025-4094 set trunk 3/1 auto negotiate clear trunk 3/2 1025-4094 set trunk 3/2 on isl 1-1005 clear trunk 3/3 1025-4094 set trunk 3/3 on isl 1-1005 clear trunk 3/4 1025-4094
set trunk 3/4 on isl 1-1005 clear trunk 3/5 1025-4094 set trunk 3/5 on isl 1-1005 set trunk 3/6 on isl 1-1005,1025-4094 clear trunk 3/7 1025-4094 set trunk 3/7 on isl 1-1005 set trunk 3/8 on isl 1-1005,1025-4094 clear trunk 3/9 2,4-37,40-1005,1025-4094 set trunk 3/9 on isl 1,3,38-39 clear trunk 3/10 1025-4094 set trunk 3/10 off isl 1-1005 clear trunk 3/11 2-34,36-1005,1025-4094 set trunk 3/11 on isl 1,35 clear trunk 3/12 2-7,9-1005,1025-4094 set trunk 3/12 on isl 1,8 set trunk 3/13 on isl 1-1005,1025-4094 set trunk 3/14 on isl 1-1005,1025-4094 set trunk 3/15 on isl 1-1005,1025-4094 set trunk 3/16 on isl 1-1005,1025-4094 ! #module 4 : 16-port 1000BaseX Ethernet set vlan 2 4/6-7,4/9-10,4/12 set vlan 9 4/16 set vlan 14 4/5 set vlan 16 4/8 set vlan 17 4/11 set vlan 18 4/15 set vlan 25 4/1-2,4/4 set vlan 40 4/14 clear trunk 4/1 1025-4094 set trunk 4/1 off isl 1-1005 clear trunk 4/2 1025-4094 set trunk 4/2 off isl 1-1005 clear trunk 4/3 3-22,25-32,34-99,101-644,646-1005,1025-4094 set trunk 4/3 on dot1q 1-2,23-24,33,100,645 clear trunk 4/4 1-11,13-1005,1025-4094 set trunk 4/4 on isl 12 set trunk 4/5 off isl 1-1005,1025-4094 clear trunk 4/6 1,3-9,11-1005,1025-4094 set trunk 4/6 on isl 2,10 clear trunk 4/7 1-5,7-1005,1025-4094 set trunk 4/7 on isl 6 clear trunk 4/8 1-1005,1025-4094 set trunk 4/8 off negotiate clear trunk 4/9 1,3-6,8-1005,1025-4094 set trunk 4/9 on isl 2,7 clear trunk 4/10 1-10,12-1005,1025-4094 set trunk 4/10 on isl 11 clear trunk 4/11 1025-4094 set trunk 4/11 off isl 1-1005 clear trunk 4/12 1,3-25,27-1005,1025-4094 set trunk 4/12 on isl 2,26
clear trunk 4/13 2,4-37,40-1005,1025-4094 set trunk 4/13 on dot1q 1,3,38-39 set trunk 4/14 off isl 1-1005,1025-4094 set trunk 4/15 off isl 1-1005,1025-4094 set trunk 4/16 off isl 1-1005,1025-4094 ! #module 5 : 8-port 1000BaseX Ethernet set port name 5/1 SIT-RACK5_TRUNK set port name 5/2 SIT-RACK3_TRUNK set port name 5/3 SIT-RACK1_TRUNK set port name 5/4 SIT-RACK4_TRUNK set port name 5/5 MEDIALAB-ROOM2_TRUNK set trunk 5/1 on isl 1-1005,1025-4094 set trunk 5/2 on isl 1-1005,1025-4094 set trunk 5/3 on isl 1-1005,1025-4094 set trunk 5/4 on isl 1-1005,1025-4094 set trunk 5/5 on isl 1-1005,1025-4094 ! #module 6 : 8-port 1000BaseX Ethernet set vlan 2 6/3,6/7 set vlan 15 6/6 set vlan 19 6/2 set trunk 6/1 on isl 1-1005,1025-4094 set trunk 6/2 off isl 1-1005,1025-4094 set trunk 6/3 off isl 1-1005,1025-4094 set trunk 6/4 on isl 1-1005,1025-4094 set trunk 6/5 on isl 1-1005,1025-4094 clear trunk 6/6 1-1005,1025-4094 set trunk 6/6 auto negotiate set trunk 6/8 on isl 1-1005,1025-4094 ! #module 15 : 1-port Multilayer Switch Feature Card ! #module 16 : 1-port Multilayer Switch Feature Card end Console> (enable) Console> (enable) session 15 Trying Router-15... Connected to Router-15. Escape character is '^]'. ACADEMIC_DISTRIBUTION>en Password: Password: ACADEMIC_DISTRIBUTION#sh run Building configuration... Current configuration: ! version 12.1 service timestamps debug uptime service timestamps log uptime
no service password-encryption ! hostname ACADEMIC_DISTRIBUTION ! boot system flash bootflash:c6msfc2-isv-mz.121-3a.E4 enable password core1 ! ip subnet-zero ip cef distributed ip name-server 144.16.192.1 ip name-server 144.16.192.55 ! ! ! ! interface Vlan2 description ernet_vlan ip address 203.197.98.200 255.255.255.0 secondary ip address 202.141.127.200 255.255.255.0 secondary ip address 10.100.1.2 255.255.0.0 secondary ip address 144.16.197.150 255.255.240.0 ip helper-address 10.17.32.156 no ip redirects no ip unreachables ip directed-broadcast ip nat outside ! interface Vlan3 description gssst_vlan ip address 10.44.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan4 description math_vlan ip address 10.23.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan5 description cic_vlan ip address 10.1.1.10 255.255.0.0 ip helper-address 10.17.32.156 ! interface Vlan6 description vgsom ip address 10.43.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan7 description physics
ip address 10.33.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan8 description CET ip address 10.35.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan9 description chemistry ip address 10.28.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan10 description IEM ip address 10.29.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan11 description naval ip address 10.24.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan12 description aerospace ip address 10.25.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan14 description matsc ip address 10.39.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan15 description metal ip address 10.31.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan16 description mining ip address 10.32.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside !
interface Vlan17 description crf ip address 10.42.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan18 description architecture ip address 10.27.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan19 description step ip address 10.49.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan20 description GEOLOGY ip address 10.21.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan21 description RTC ip address 10.38.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan22 description HUMANITY ip address 10.30.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan23 description CRYOGENIC ip address 10.36.1.2 255.255.0.0 ip helper-address 10.17.32.156 ! interface Vlan24 description CIVIL ip address 10.19.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan25 description Agriculture_PHTC ip address 10.26.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside
! interface Vlan26 description infocell ip address 10.15.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan30 description PCLAB1 ip address 10.3.18.2 255.255.255.0 ! interface Vlan31 description PCLAB2 ip address 10.3.19.2 255.255.255.0 ! interface Vlan32 description WORKSTATION ip address 10.3.124.2 255.255.255.0 ! interface Vlan33 description TERMINAL ip address 10.3.32.2 255.255.255.0 ! interface Vlan34 description STAFF ip address 10.3.132.2 255.255.255.0 ! interface Vlan35 description VLSI ip address 10.3.36.2 255.255.255.0 ! interface Vlan36 description advanced vlsi ip address 10.55.1.2 255.255.0.0 ip nat inside ! interface Vlan37 description medialab ip address 10.3.140.2 255.255.255.0 ! interface Vlan40 description SCHOOL OF MEDICAL TECHNOLOGY ip address 10.54.1.2 255.255.0.0 ip nat inside ! interface Vlan51 description LAB1_SIT ip address 10.14.1.2 255.255.255.0 ! interface Vlan52 description SERVER1s_SIT ip address 10.14.2.2 255.255.255.0
! interface Vlan53 description SERVER1p_SIT ip address 10.14.3.2 255.255.255.0 ! interface Vlan54 description LAB2_SIT ip address 10.14.4.2 255.255.255.0 ! interface Vlan55 description SERVER2s_SIT ip address 10.14.5.2 255.255.255.0 ! interface Vlan56 description SERVER2p_SIT ip address 10.14.6.2 255.255.255.0 ! interface Vlan57 description INCUBIT_SIT ip address 10.14.7.2 255.255.255.0 ! interface Vlan58 description FACULTY_SIT ip address 10.14.8.2 255.255.255.0 ! interface Vlan59 description STAFF_SIT ip address 10.14.9.2 255.255.255.0 ! interface Vlan60 description PROJECT_SIT ip address 10.14.10.2 255.255.255.0 ! interface Vlan61 description FPGA_SIT ip address 10.14.11.2 255.255.255.0 ! interface Vlan100 no ip address shutdown ! interface Vlan500 ip address 10.151.1.1 255.255.0.0 ip helper-address 10.17.32.156 ip directed-broadcast ip nat inside ! interface Vlan505 description NEWCICDIST_ACADEMICCORE ip address 10.155.1.1 255.255.255.0 ! interface Vlan506
 description NEWCICDIST_SERVER2948
 ip address 10.155.2.1 255.255.255.0
!
interface Vlan509
 description newcicdisribution to newciccore
 ip address 10.200.9.2 255.255.255.0
 ip nat inside
!
interface Vlan872
 description NewCICDist_To_RCC
 ip address 10.107.10.2 255.255.255.0
!
router ospf 109
 log-adjacency-changes
 redistribute rip subnets
 network 10.0.0.0 0.255.255.255 area 0
!
router rip
 redistribute ospf 109
 passive-interface Vlan509
 network 10.0.0.0
 network 144.16.0.0
 network 202.141.127.0
 network 203.197.98.0
 default-metric 10
!
ip nat inside source static 10.43.1.5 144.16.192.146
ip nat inside source static 10.5.19.45 144.16.192.72
ip nat inside source static 10.55.32.81 144.16.192.112
ip nat inside source static 10.5.18.67 61.11.237.104
ip nat inside source static 10.5.18.66 61.11.237.103
ip nat inside source static 10.5.18.64 61.11.237.101
ip nat inside source static 10.5.18.65 61.11.237.102
ip nat inside source static 10.17.40.1 203.197.98.28
ip nat inside source static 10.15.1.4 144.16.192.110
ip nat inside source static 10.26.32.6 144.16.194.6
ip nat inside source static 10.26.1.4 144.16.192.121
ip nat inside source static 10.19.1.4 144.16.192.73
ip nat inside source static 10.49.32.100 144.16.200.149
ip nat inside source static 10.21.1.4 144.16.192.50
ip nat inside source static 10.25.1.5 144.16.196.219
ip nat inside source static 10.27.1.4 144.16.192.41
ip nat inside source static 10.32.1.4 144.16.192.10
ip nat inside source static 10.39.1.4 144.16.192.105
ip nat inside source static 10.25.1.4 144.16.192.113
ip nat inside source static 10.20.251.4 144.16.192.220
ip nat inside source static 10.20.1.4 144.16.192.89
ip nat inside source static 10.44.1.4 144.16.192.241
ip nat inside source static 10.43.1.4 144.16.192.145
ip nat inside source static 10.35.1.4 144.16.192.221
ip nat inside source static 10.33.1.4 144.16.192.135
ip nat inside source static 10.28.1.4 144.16.192.136
ip nat inside source static 10.29.1.4 144.16.192.147
ip nat inside source static 10.9.1.4 144.16.192.25
ip nat inside source static 10.17.32.1 144.16.195.140
ip nat inside source static 10.17.32.2 144.16.195.141
ip nat inside source static 10.17.32.3 144.16.195.142
ip nat inside source static 10.17.32.4 144.16.195.143
ip nat inside source static 10.17.32.5 144.16.195.186
ip nat inside source static 10.17.32.7 144.16.195.156
ip nat inside source static 10.17.32.8 144.16.195.170
ip nat inside source static 10.17.32.9 144.16.195.171
ip nat inside source static 10.24.1.4 144.16.192.97
ip nat inside source static 10.38.1.4 144.16.195.125
ip classless
ip route 0.0.0.0 0.0.0.0 10.151.1.2 150
ip route 61.11.237.101 255.255.255.255 10.5.18.64
ip route 61.11.237.102 255.255.255.255 10.5.18.65
ip route 61.11.237.103 255.255.255.255 10.5.18.66
ip route 61.11.237.104 255.255.255.255 10.5.18.67
ip route 144.16.192.10 255.255.255.255 10.32.1.4
ip route 144.16.192.25 255.255.255.255 10.9.1.4
ip route 144.16.192.41 255.255.255.255 10.27.1.4
ip route 144.16.192.50 255.255.255.255 10.21.1.4
ip route 144.16.192.72 255.255.255.255 10.5.19.45
ip route 144.16.192.73 255.255.255.255 10.19.1.4
ip route 144.16.192.89 255.255.255.255 10.20.1.4
ip route 144.16.192.97 255.255.255.255 10.24.1.4
ip route 144.16.192.105 255.255.255.255 10.39.1.4
ip route 144.16.192.110 255.255.255.255 10.15.1.4
ip route 144.16.192.112 255.255.255.255 10.55.32.81
ip route 144.16.192.113 255.255.255.255 10.25.1.4
ip route 144.16.192.121 255.255.255.255 10.26.1.4
ip route 144.16.192.135 255.255.255.255 10.33.1.4
ip route 144.16.192.136 255.255.255.255 10.28.1.4
ip route 144.16.192.145 255.255.255.255 10.43.1.4
ip route 144.16.192.146 255.255.255.255 10.43.1.5
ip route 144.16.192.147 255.255.255.255 10.29.1.4
ip route 144.16.192.220 255.255.255.255 10.20.251.4
ip route 144.16.192.221 255.255.255.255 10.35.1.4
ip route 144.16.192.241 255.255.255.255 10.44.1.4
ip route 144.16.194.6 255.255.255.255 10.26.32.6
ip route 144.16.195.125 255.255.255.255 10.38.1.4
ip route 144.16.195.140 255.255.255.255 10.17.32.1
ip route 144.16.195.141 255.255.255.255 10.17.32.2
ip route 144.16.195.142 255.255.255.255 10.17.32.3
ip route 144.16.195.143 255.255.255.255 10.17.32.4
ip route 144.16.195.156 255.255.255.255 10.17.32.7
ip route 144.16.195.170 255.255.255.255 10.17.32.8
ip route 144.16.195.171 255.255.255.255 10.17.32.9
ip route 144.16.195.186 255.255.255.255 10.17.32.5
ip route 144.16.196.219 255.255.255.255 10.25.1.5
ip route 144.16.200.149 255.255.255.255 10.49.32.100
ip route 144.16.204.0 255.255.255.0 10.151.1.2
ip route 144.16.205.0 255.255.255.0 10.151.1.2
ip route 203.197.98.28 255.255.255.255 10.17.40.1
no ip http server
!
!
line con 0
 transport input none
line vty 0 3
 login
line vty 4
 password core1
 login
!
end
active
set vlan 613 name nehru_foundationcore1 type ethernet mtu 1500 said 100613 state active
set vlan 615 name patel_fundationcore1 type ethernet mtu 1500 said 100615 state active
set vlan 617 name hb_foundationcore1 type ethernet mtu 1500 said 100617 state active
set vlan 619 name jcb_foundationcore1 type ethernet mtu 1500 said 100619 state active
set vlan 621 name llr_foundationcore1 type ethernet mtu 1500 said 100621 state active
set vlan 623 name vs_foundationcore1 type ethernet mtu 1500 said 100623 state active
set vlan 627 name rk_foundationcore1 type ethernet mtu 1500 said 100627 state active
set vlan 629 name rp_foundationcore1 type ethernet mtu 1500 said 100629 state active
set vlan 631 name bcr_foundationcore1 type ethernet mtu 1500 said 100631 state active
set vlan 633 name mbm_foundationcore1 type ethernet mtu 1500 said 100633 state active
set vlan 635 name ig_foundationcore1\ type ethernet mtu 1500 said 100635 state active
set vlan 640 name hallserver type ethernet mtu 1500 said 100640 state active
set vlan 641 name content_engine type ethernet mtu 1500 said 100641 state active
set vlan 645 name THAICOM type ethernet mtu 1500 said 100645 state active
set vlan 761 name RP type ethernet mtu 1500 said 100761 state active
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active stp ieee
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active stp ibm
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active mode srb aremaxhop 7 stemaxhop 7 backupcrf off
!
#ip
set interface sc0 1 10.200.1.250/255.255.255.0 10.200.1.255
set ip route 0.0.0.0/0.0.0.0 10.200.1.2
!
#set boot command
set boot config-register 0x2
set boot system flash bootflash:cat6000-sup2cvk9.6-1-3.bin
!
#qos
set qos enable
set qos policed-dscp-map 0,32:0
set qos policed-dscp-map 1:1
set qos policed-dscp-map 2:2
set qos policed-dscp-map 3:3
set qos policed-dscp-map 4:4
set qos policed-dscp-map 5:5
set qos policed-dscp-map 6:6
set qos policed-dscp-map 7:7
set qos policed-dscp-map 8:8
set qos policed-dscp-map 9:9
set qos policed-dscp-map 10:10
set qos policed-dscp-map 11:11
set qos policed-dscp-map 12:12
set qos policed-dscp-map 13:13
set qos policed-dscp-map 14:14
set qos policed-dscp-map 15:15
set qos policed-dscp-map 16:16
set qos policed-dscp-map 17:17
set qos policed-dscp-map 18:18
set qos policed-dscp-map 19:19
set qos policed-dscp-map 20:20
set qos policed-dscp-map 21:21
set qos policed-dscp-map 22:22
set qos policed-dscp-map 23:23
set qos policed-dscp-map 24:24
set qos policed-dscp-map 25:25
set qos policed-dscp-map 26:26
set qos policed-dscp-map 27:27
set qos policed-dscp-map 28:28
set qos policed-dscp-map 29:29
set qos policed-dscp-map 30:30
set qos policed-dscp-map 31:31
set qos policed-dscp-map 33:33
set qos policed-dscp-map 34:34
set qos policed-dscp-map 35:35
set qos policed-dscp-map 36:36
set qos policed-dscp-map 37:37
set qos policed-dscp-map 38:38
set qos policed-dscp-map 39:39
set qos policed-dscp-map 40:40
set qos policed-dscp-map 41:41
set qos policed-dscp-map 42:42
set qos policed-dscp-map 43:43
set qos policed-dscp-map 44:44
set qos policed-dscp-map 45:45
set qos policed-dscp-map 46:46
set qos policed-dscp-map 47:47
set qos policed-dscp-map 48:48
set qos policed-dscp-map 49:49
set qos policed-dscp-map 50:50
set qos policed-dscp-map 51:51
set qos policed-dscp-map 52:52
set qos policed-dscp-map 53:53
set qos policed-dscp-map 54:54
set qos policed-dscp-map 55:55
set qos policed-dscp-map 56:56
set qos policed-dscp-map 57:57
set qos policed-dscp-map 58:58
set qos policed-dscp-map 59:59
set qos policed-dscp-map 60:60
set qos policed-dscp-map 61:61
set qos policed-dscp-map 62:62
set qos policed-dscp-map 63:63
set qos policer aggregate qos_tcp rate 480000 policed-dscp erate 480000 drop burst 32000
set qos policer aggregate qos_udp rate 320000 policed-dscp erate 320000 drop burst 32000
set qos policer aggregate QPM_3_6 rate 0 policed-dscp erate 0 drop burst 32
!
# default port status is enable
!
!
#module 1 : 2-port 1000BaseX Supervisor
!
#module 2 : 2-port 1000BaseX Supervisor
!
#module 3 : 16-port 1000BaseX Ethernet
clear trunk 3/1 1025-4094
set trunk 3/1 on isl 1-1005
clear trunk 3/2 1025-4094
set trunk 3/2 on isl 1-1005
clear trunk 3/3 1025-4094
set trunk 3/3 on isl 1-1005
clear trunk 3/4 1025-4094
set trunk 3/4 on isl 1-1005
clear trunk 3/5 1025-4094
set trunk 3/5 on isl 1-1005
set trunk 3/6 on isl 1-1005,1025-4094
set trunk 3/7 on isl 1-1005,1025-4094
set trunk 3/8 on isl 1-1005,1025-4094
set trunk 3/9 on isl 1-1005,1025-4094
set trunk 3/10 on isl 1-1005,1025-4094
set trunk 3/11 on isl 1-1005,1025-4094
set trunk 3/12 on isl 1-1005,1025-4094
set trunk 3/13 on isl 1-1005,1025-4094
set trunk 3/15 on isl 1-1005,1025-4094
set trunk 3/16 on isl 1-1005,1025-4094
set port qos 3/1-12 vlan-based
!
#module 4 empty
!
#module 5 : 0-port Switch Fabric Module
!
#module 6 : 0-port Switch Fabric Module
!
#module 7 empty
!
#module 8 empty
!
#module 9 empty
!
#module 15 : 1-port Multilayer Switch Feature Card
!
#module 16 : 1-port Multilayer Switch Feature Card
end
Console> (enable)
Console> (enable) session 15
Trying Router-15...
Connected to Router-15.
Escape character is '^]'.
User Access Verification
Password:
HOSTEL_CORE1>en
Password:
HOSTEL_CORE1#sh run
Building configuration...
Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname HOSTEL_CORE1
!
boot system flash bootflash:c6msfc2-is-mz.121-3a.E4
enable secret 5 $1$xC32$s16mUY/jmUbObKNDXjXgV.
enable password line test
!
ip subnet-zero
ip cef
!
ip multicast-routing
redundancy
 high-availability
  config-sync
!
!
!
interface Vlan1
 ip address 10.200.2.2 255.255.255.0 secondary alt ip address 10.200.2.210 255.255.255.0 secondary
 ip address 10.200.1.2 255.255.255.0 alt ip address 10.200.1.210 255.255.255.0
 no ip redirects
 no ip unreachables
!
interface Vlan505
description Academic Core to New CIC Distribution ip address 10.155.1.2 255.255.255.0 alt ip address 10.155.1.3 255.255.255.0 ! interface Vlan508 description Academic Core to New CIC Core ip address 10.200.8.2 255.255.255.0 alt ip address 10.200.8.3 255.255.255.0 ip pim dense-mode ! interface Vlan610 description academic 3/16 to foundation core1 ip address 10.200.10.2 255.255.255.0 alt ip address 10.200.10.3 255.255.255.0 ip helper-address 10.17.32.156 ip directed-broadcast ip pim dense-mode ! interface Vlan611 description AZAD TO FOUNDATION CORE1 ip address 10.200.11.1 255.255.255.0 alt ip address 10.200.11.3 255.255.255.0 ip pim dense-mode ! interface Vlan613 description NEHRU TO FOUNDATION CORE1 ip address 10.200.13.1 255.255.255.0 alt ip address 10.200.13.3 255.255.255.0 ip pim dense-mode ! interface Vlan615 description PATEL TO FOUNDATION CORE1 ip address 10.200.15.1 255.255.255.0 alt ip address 10.200.15.3 255.255.255.0 ip pim dense-mode ! interface Vlan617 description HB TO FOUNDATION CORE1 ip address 10.200.17.1 255.255.255.0 alt ip address 10.200.17.3 255.255.255.0 ip pim dense-mode ! interface Vlan619 description JCB TO FOUNDATION CORE1 ip address 10.200.19.1 255.255.255.0 alt ip address 10.200.19.3 255.255.255.0 ip pim dense-mode ! interface Vlan621 description LLR TO HOSTEL_CORE1 ip address 10.200.21.1 255.255.255.0 alt ip address 10.200.21.3 255.255.255.0 ip pim dense-mode ! interface Vlan623 description VS TO HOSTEL_CORE1 ip address 10.200.23.1 255.255.255.0 alt ip address 10.200.23.3 255.255.255.0 ip pim dense-mode ! interface Vlan627 description RK TO HOSTEL_CORE1
ip address 10.200.27.1 255.255.255.0 alt ip address 10.200.27.3 255.255.255.0 ip pim dense-mode ! interface Vlan629 description RP TO HOSTEL_CORE1 ip address 10.200.29.1 255.255.255.0 alt ip address 10.200.29.3 255.255.255.0 ip pim dense-mode ! interface Vlan631 description BCR TO HOSTEL_CORE1 ip address 10.200.31.1 255.255.255.0 alt ip address 10.200.31.3 255.255.255.0 ip pim dense-mode ! interface Vlan633 description CORE1 3/12 TO MBM DISTRIBUTION VLAN ip address 10.200.33.1 255.255.255.0 alt ip address 10.200.33.3 255.255.255.0 ip pim dense-mode ! interface Vlan635 description IG TO FOUNDATION CORE1 ip address 10.200.35.1 255.255.255.0 alt ip address 10.200.35.3 255.255.255.0 ip pim dense-mode ! interface Vlan640 description SERVER VLAN ip address 10.129.100.2 255.255.255.0 alt ip address 10.129.100.3 255.255.255.0 ! router ospf 109 log-adjacency-changes network 10.0.0.0 0.255.255.255 area 0 ! ip classless ip route 10.100.11.225 255.255.255.255 10.200.8.1 no ip http server ! ! line con 0 transport input none line vty 0 4 password core1 login ! end
active
set vlan 612 name AZAD_FOUNDATIONCORE2 type ethernet mtu 1500 said 100612 state active
set vlan 613 name NEHRU_FOUNDATIONCORE1 type ethernet mtu 1500 said 100613 state active
set vlan 614 name NEHRU_FOUNDATIONCORE2 type ethernet mtu 1500 said 100614 state active
set vlan 615 name PATEL_FOUNDATIONCORE1 type ethernet mtu 1500 said 100615 state active
set vlan 616 name PATEL_FOUNDATIONCORE2 type ethernet mtu 1500 said 100616 state active
set vlan 617 name HB_FOUNDATIONCORE1 type ethernet mtu 1500 said 100617 state active
set vlan 619 name JCB_FOUNDATIONCORE1 type ethernet mtu 1500 said 100619 state active
set vlan 620 name JCB_FOUNDATIONCORE2 type ethernet mtu 1500 said 100620 state active
set vlan 621 name LLR_FOUNDATIONCORE1 type ethernet mtu 1500 said 100621 state active
set vlan 622 name LLR_FOUNDATIONCORE2 type ethernet mtu 1500 said 100622 state active
set vlan 623 name VS_FOUNDATIONCORE1 type ethernet mtu 1500 said 100623 state active
set vlan 624 name VS_FOUNDATIONCORE2 type ethernet mtu 1500 said 100624 state active
set vlan 625 name GOKHEL_FOUNDATIONCORE1 type ethernet mtu 1500 said 100625 state active
set vlan 626 name HB_FOUNDATIONCORE2 type ethernet mtu 1500 said 100626 state active
set vlan 627 name RK_FOUNDATIONCORE1 type ethernet mtu 1500 said 100627 state active
set vlan 628 name RK_FOUNDATIONCORE2 type ethernet mtu 1500 said 100628 state active
set vlan 629 name RP_FOUNDATIONCORE1 type ethernet mtu 1500 said 100629 state active
set vlan 630 name RP_FOUNDATIONCORE2 type ethernet mtu 1500 said 100630 state active
set vlan 631 name BCR_FOUNDATIONCORE1 type ethernet mtu 1500 said 100631 state active
set vlan 632 name BCR_FOUNDATIONCORE2 type ethernet mtu 1500 said 100632 state active
set vlan 633 name CORE1_MBM type ethernet mtu 1500 said 100633 state active
set vlan 634 name MBM_FOUNDATIONCORE2 type ethernet mtu 1500 said 100634 state active
set vlan 635 name IG_FOUNDATIONCORE1 type ethernet mtu 1500 said 100635 state active
set vlan 636 name IG_FOUNDATIONCORE2 type ethernet mtu 1500 said 100636 state active
set vlan 640 name server type ethernet mtu 1500 said 100640 state active
set vlan 641 name content_engine type ethernet mtu 1500 said 100641 state active
set vlan 645 name THAICOM type ethernet mtu 1500 said 100645 state active
set vlan 650 name firewall type ethernet mtu 1500 said 100650 state active
set vlan 900 name TEST type ethernet mtu 1500 said 100900 state active
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active stp ieee
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active stp ibm
set vlan 760-761,776,847,871
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active mode srb aremaxhop 0 stemaxhop 0 backupcrf off
!
#ip
set interface sc0 1 10.200.1.254/255.255.255.0 10.200.1.255
set ip route 0.0.0.0/0.0.0.0 10.200.1.2
!
#dns
set ip dns server 10.128.2.2 primary
set ip dns enable
set ip dns domain net.iitkgp.ernet.in
!
#set boot command
set boot config-register 0x102
set boot system flash bootflash:cat6000-sup2cvk9.6-1-3.bin
!
#mls
set mls statistics protocol 0
set mls nde flow include source 10.200.1.254/255.255.255.255 destination 10.200.1.200/255.255.255.255
!
#qos
set qos enable
set qos policer aggregate qos_tcp1 rate 480000 policed-dscp erate 480000 drop burst 32000
set qos policer aggregate qos_udp1 rate 320000 policed-dscp erate 320000 drop burst 32000
clear qos acl all
#qos_vlan1
set qos acl ip qos_vlan1 dscp 0 aggregate qos_tcp1 tcp any any
set qos acl ip qos_vlan1 dscp 0 aggregate qos_udp1 udp any any
#
commit qos acl all
#
set qos acl map qos_vlan1 612,614,616,620,622,624,626,628,630,632,634,636
!
#port channel
set port channel 2/1-2 781
!
# default port status is enable
!
!
#module 1 : 2-port 1000BaseX Supervisor
set vlan 650 1/1
set udld enable 1/1-2
set trunk 1/2 on isl 1-1005,1025-4094
set port qos 1/2 vlan-based
!
#module 2 : 2-port 1000BaseX Supervisor
set trunk 2/1 on isl 1-1005,1025-4094
set trunk 2/2 on isl 1-1005,1025-4094
set port channel 2/1-2 mode on
#module 3 empty
!
#module 4 : 16-port 1000BaseX Ethernet
set udld enable 4/6,4/8,4/10,4/12,4/15-16
set trunk 4/1 on isl 1-1005,1025-4094
set trunk 4/2 on isl 1-1005,1025-4094
set trunk 4/3 on isl 1-1005,1025-4094
set trunk 4/4 on isl 1-1005,1025-4094
set trunk 4/5 on isl 1-1005,1025-4094
set trunk 4/6 on isl 1-1005,1025-4094
set trunk 4/7 on isl 1-1005,1025-4094
set trunk 4/8 on isl 1-1005,1025-4094
!
#module 5 : 0-port Switch Fabric Module
!
#module 6 : 0-port Switch Fabric Module
!
#module 7 empty
!
#module 8 empty
!
#module 9 empty
!
#module 15 : 1-port Multilayer Switch Feature Card
!
#module 16 : 1-port Multilayer Switch Feature Card
end
Console> (enable)
Console> (enable) session 15
Trying Router-15...
Connected to Router-15.
Escape character is '^]'.
HOSTEL_CORE2>en
HOSTEL_CORE2#sh run
Building configuration...
Current configuration:
!
! No configuration change since last restart
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname HOSTEL_CORE2
boot system flash bootflash:c6msfc2-is-mz.121-3a.E4
!
clock calendar-valid
ip subnet-zero
ip cef
!
ip multicast-routing
redundancy
 high-availability
  config-sync
!
interface Vlan507
 description Foundation Core1 to New CIC Core
 ip address 10.200.7.2 255.255.255.0 alt ip address 10.200.7.3 255.255.255.0
 ip pim dense-mode
!
interface Vlan612
 description AZAD TO FOUNDATION CORE2
 ip address 10.200.12.1 255.255.255.0 alt ip address 10.200.12.3 255.255.255.0
!
interface Vlan614
 description NEHRU TO FOUNDATION CORE2
 ip address 10.200.14.1 255.255.255.0 alt ip address 10.200.14.3 255.255.255.0
!
interface Vlan616
 description PATEL TO FOUNDATION CORE2
 ip address 10.200.16.1 255.255.255.0 alt ip address 10.200.16.3 255.255.255.0
!
interface Vlan620
 description JCB TO FOUNDATION CORE2
 ip address 10.200.20.1 255.255.255.0 alt ip address 10.200.20.3 255.255.255.0
 ip pim dense-mode
!
interface Vlan622
 description LLR TO FOUNDATION CORE2
 ip address 10.200.22.1 255.255.255.0 alt ip address 10.200.22.3 255.255.255.0
!
interface Vlan624
 description VS TO FOUNDATION CORE2
 ip address 10.200.24.1 255.255.255.0 alt ip address 10.200.24.3 255.255.255.0
!
interface Vlan626
 description HB TO FOUNDATION CORE2
 ip address 10.200.26.1 255.255.255.0 alt ip address 10.200.26.3 255.255.255.0
!
interface Vlan628
 description RK TO FOUNDATIONCORE2
 ip address 10.200.28.1 255.255.255.0 alt ip address 10.200.28.3 255.255.255.0
!
interface Vlan630
 description RP TO FOUNDATION CORE2
 ip address 10.200.30.1 255.255.255.0 alt ip address 10.200.30.3 255.255.255.0
!
interface Vlan632
 description BCR TO FOUNDATION CORE2
 ip address 10.200.32.1 255.255.255.0 alt ip address 10.200.32.3 255.255.255.0
!
interface Vlan634
 description MBM TO FOUNDATION CORE2
 ip address 10.200.34.1 255.255.255.0 alt ip address 10.200.34.3 255.255.255.0
!
interface Vlan636
 description IG TO FOUNDATION CORE2
 ip address 10.200.36.1 255.255.255.0 alt ip address 10.200.36.3 255.255.255.0
!
interface Vlan900
 ip address 10.51.1.2 255.255.255.0 alt ip address 10.51.1.3 255.255.255.0
!
router ospf 109
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
ip classless
no ip http server
!
access-list 10 permit 10.51.1.100
access-list 10 permit 10.51.1.101
access-list 160 permit ip 10.107.15.0 0.0.0.255 any
access-list 160 permit ip 10.107.10.0 0.0.0.255 any
access-list 160 permit ip 144.16.0.0 0.0.255.255 any
access-list 160 permit ip 10.0.0.0 0.63.255.255 any
access-list 160 permit ip 10.128.0.0 0.127.255.255 any
access-list 160 permit ip 10.96.0.0 0.31.255.255 any time-range halltime
access-list 160 permit ip 61.11.251.0 0.0.0.255 any
access-list 160 permit ip 203.192.37.0 0.0.0.255 any
!
line con 0
 transport input none
line vty 0 4
 login
!
time-range halltime
 periodic weekdays 17:00 to 23:59
 periodic weekdays 0:00 to 8:00
 periodic weekend 0:00 to 23:59
!
end
  police 3496000 874000 874000 conform-action transmit exceed-action drop
 class hostel_weekend
  police 3496000 874000 874000 conform-action transmit exceed-action drop
 class academic_daytime
  police 3496000 874000 874000 conform-action transmit exceed-action drop
policy-map academic_daytime
policy-map CET_BW_Downstream
 class Downstream_control
  police 128000 4000 4000 conform-action transmit exceed-action drop
policy-map CET_BW_Upstream
 class Upstream_control
  police 128000 4000 4000 conform-action transmit exceed-action drop
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet1/0/0
 description CONNECTION TO DVB RECEIVER
 ip address 61.11.237.254 255.255.255.252
 ip route-cache flow
 half-duplex
!
interface Serial1/1/0
 ip address 203.192.34.226 255.255.255.252
 ip wccp web-cache redirect out
 no keepalive
 no fair-queue
 ignore-dcd
 serial restart-delay 0
!
interface Serial1/1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet4/0/0
 ip address 61.11.237.1 255.255.255.128
 ip route-cache same-interface
 half-duplex
!
interface Hssi4/1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Hssi4/1/1
 no ip address
 shutdown
 serial restart-delay 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1/1/0
ip route 10.0.0.0 255.0.0.0 61.11.237.3
ip route 61.11.251.0 255.255.255.0 61.11.237.3
ip route 202.131.126.0 255.255.255.0 61.11.237.3
ip route 202.131.127.0 255.255.255.0 61.11.237.3
ip route 203.192.37.0 255.255.255.0 61.11.237.3
no ip http server
ip pim bidir-enable
!
access-list 10 permit 10.51.1.100
access-list 10 permit 10.51.1.101
access-list 101 permit ip any 10.96.0.0 0.31.255.255 time-range daytime
access-list 102 permit ip any 10.0.0.0 0.63.255.255 time-range daytime
access-list 102 permit ip any 144.16.0.0 0.0.255.255 time-range daytime
access-list 102 permit ip any 192.0.0.0 0.255.255.255 time-range daytime
access-list 102 permit ip any 10.128.0.0 0.127.255.255 time-range daytime
access-list 103 permit ip any 10.96.0.0 0.31.255.255 time-range nighttime
access-list 104 permit ip any 10.0.0.0 0.63.255.255 time-range nighttime
access-list 104 permit ip any 10.128.0.0 0.127.255.255 time-range nighttime
access-list 104 permit ip any 144.16.0.0 0.0.255.255 time-range nighttime
access-list 104 permit ip any 192.0.0.0 0.255.255.255 time-range nighttime
access-list 105 permit ip any 10.96.0.0 0.31.255.255 time-range weekend
access-list 106 permit ip any 10.0.0.0 0.63.255.255 time-range weekend
access-list 106 permit ip any 144.16.0.0 0.0.255.255 time-range weekend
access-list 106 permit ip any 192.0.0.0 0.255.255.255 time-range weekend
access-list 106 permit ip any 10.128.0.0 0.127.255.255 time-range weekend
access-list 107 permit ip any host 61.11.237.110
access-list 108 permit ip host 61.11.237.110 any
access-list 120 permit ip any host 61.11.237.12
access-list 121 permit ip any host 61.11.237.13
access-list 170 permit ip 10.107.15.0 0.0.0.255 any
access-list 170 permit ip 10.107.10.0 0.0.0.255 any
access-list 170 permit ip 144.16.0.0 0.0.255.255 any
access-list 170 permit ip 10.0.0.0 0.63.255.255 any
access-list 170 permit ip 10.128.0.0 0.127.255.255 any
access-list 170 permit ip 10.96.0.0 0.31.255.255 any time-range halltime
access-list 170 permit ip 61.11.251.0 0.0.0.255 any
access-list 170 permit ip 203.192.37.0 0.0.0.255 any
access-list 170 permit ip 192.168.1.0 0.0.0.255 any
access-list 170 permit ip 61.11.237.0 0.0.0.255 any
access-list 170 permit ip 202.131.36.0 0.0.0.255 any
access-list 170 permit ip 202.131.126.0 0.0.0.255 any
access-list 170 permit ip 202.131.127.0 0.0.0.255 any
snmp-server engineID local 000000090200000652D67020
snmp-server community public RO
!
!
!
line con 0
line aux 0
line vty 0 3
 password dalmia12
 login
line vty 4
 login
!
time-range daytime
 periodic weekdays 8:00 to 17:00
!
time-range halltime
 periodic weekdays 17:00 to 23:59
 periodic weekdays 0:00 to 8:00
 periodic weekend 0:00 to 23:59
!
time-range nighttime
 periodic weekdays 17:00 to 23:59
 periodic weekdays 0:00 to 7:59
!
time-range weekend
 periodic weekend 0:00 to 23:59
!
end
access-list acl_in permit ip host 10.200.1.200 any
access-list acl_in permit tcp any any eq www
access-list acl_in permit tcp any any eq https
access-list acl_in permit ip host 10.3.140.14 any
access-list acl_in permit ip host 61.11.251.101 any
access-list acl_in permit ip host 61.11.251.102 any
access-list acl_in permit ip host 144.16.204.2 any
access-list acl_in permit tcp any any eq 210
access-list acl_in permit ip host 10.24.32.22 any
pager lines 24
logging host inside 10.250.1.100
interface ethernet0 10baset
interface ethernet1 10baset
interface gb-ethernet0 1000sxfull
interface ethernet2 10baset
interface ethernet3 10baset
interface ethernet4 10baset
interface ethernet5 10baset
mtu outside 1500
mtu intf2 1500
mtu inside 1500
mtu intf3 1500
mtu intf4 1500
mtu intf5 1500
mtu intf6 1500
ip address outside 61.11.237.3 255.255.255.128
ip address intf2 172.16.2.1 255.255.255.0
ip address inside 10.250.1.2 255.255.255.0
ip address intf3 172.16.3.1 255.255.255.0
ip address intf4 172.16.4.1 255.255.255.0
ip address intf5 172.16.5.1 255.255.255.0
ip address intf6 172.16.6.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 61.11.237.2
failover ip address intf2 172.16.2.2
failover ip address inside 10.250.1.3
failover ip address intf3 172.16.3.2
failover ip address intf4 172.16.4.2
failover ip address intf5 172.16.5.2
failover ip address intf6 172.16.6.2
pdm history enable
arp timeout 14400
global (outside) 1 61.11.237.14
global (outside) 2 61.11.237.15
global (outside) 3 61.11.237.13
global (outside) 4 61.11.237.16
nat (inside) 0 61.11.251.0 255.255.255.0 0 0
nat (inside) 0 202.131.126.0 255.255.255.0 0 0
nat (inside) 0 202.131.127.0 255.255.255.0 0 0
nat (inside) 0 203.192.37.0 255.255.255.0 0 0
nat (inside) 2 144.16.192.0 255.255.240.0 0 0
nat (inside) 1 10.96.0.0 255.224.0.0 0 0
nat (inside) 3 10.0.0.0 255.192.0.0 0 0
nat (inside) 4 10.128.0.0 255.128.0.0 0 0
static (inside,outside) 61.11.237.18 10.128.2.2 netmask 255.255.255.255 0 0
static (inside,outside) 61.11.237.20 144.16.204.5 netmask 255.255.255.255 0 0
static (inside,outside) 61.11.237.101 10.5.18.64 netmask 255.255.255.255 0 0
static (inside,outside) 61.11.237.102 10.5.18.65 netmask 255.255.255.255 0 0
static (inside,outside) 61.11.237.103 10.5.18.66 netmask 255.255.255.255 0 0
static (inside,outside) 61.11.237.104 10.5.18.67 netmask 255.255.255.255 0 0
static (inside,outside) 61.11.237.110 10.35.32.91 netmask 255.255.255.255 0 0
static (inside,outside) 61.11.237.105 10.3.140.14 netmask 255.255.255.255 0 0
static (inside,outside) 61.11.237.106 10.200.1.253 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
access-group acl_in in interface inside
route outside 0.0.0.0 0.0.0.0 61.11.237.1 1
route inside 10.0.0.0 255.0.0.0 10.250.1.4 1
route inside 61.11.251.0 255.255.255.0 10.250.1.4 1
route inside 144.16.192.0 255.255.240.0 10.250.1.4 1
route inside 202.131.126.0 255.255.255.0 10.250.1.4 1
route inside 202.131.127.0 255.255.255.0 10.250.1.4 1
route inside 203.192.37.0 255.255.255.0 10.250.1.4 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute uauth 0:04:00 inactivity
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
no sysopt route dnat
telnet 10.250.1.100 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:9be391a075cae827d7c1da9b5e040b6b
: end
[OK]
 no logging event subif-link-status
 shutdown
!
interface Vlan1
 ip address 202.141.127.100 255.255.255.0 secondary
 ip address 203.197.98.1 255.255.255.0 secondary
 ip address 144.16.192.3 255.255.224.0
 ip access-group 117 out
 no ip directed-broadcast
 no logging event subif-link-status
 bandwidth 1000000
 hold-queue 1000 in
 hold-queue 1000 out
!
interface Vlan2
 no ip address
 no logging event subif-link-status
 shutdown
!
router igrp 1
 redistribute static
 network 202.141.127.0
 network 203.197.98.0
!
no ip classless
ip default-network 0.0.0.0
ip route 0.0.0.0 0.0.0.0 202.54.55.166
ip route 10.0.0.0 255.0.0.0 Vlan1
ip route 144.16.0.0 255.255.0.0 202.54.55.166
ip route 144.16.193.0 255.255.255.0 Vlan1
ip route 144.16.194.0 255.255.255.0 Vlan1
ip route 144.16.195.0 255.255.255.0 Vlan1
ip route 144.16.196.0 255.255.255.0 Vlan1
ip route 144.16.197.0 255.255.255.0 Vlan1
ip route 144.16.198.0 255.255.255.0 Vlan1
ip route 144.16.199.0 255.255.255.0 Vlan1
ip route 144.16.200.0 255.255.255.0 Vlan1
ip route 144.16.201.0 255.255.255.0 Vlan1
ip route 144.16.202.0 255.255.255.0 Vlan1
ip route 144.16.203.0 255.255.255.0 Vlan1
ip route 144.16.204.0 255.255.255.0 Vlan1
ip route 144.16.205.0 255.255.255.0 Vlan1
ip route 144.16.206.0 255.255.255.0 Vlan1
ip route 144.16.207.0 255.255.255.0 Vlan1
ip route 202.141.127.0 255.255.255.0 Vlan1
ip route 203.197.98.0 255.255.255.0 Vlan1
access-list 115 permit ip host 203.197.98.2 any
access-list 115 permit ip host 203.197.98.3 any
access-list 115 permit ip host 203.197.98.4 any
access-list 115 permit ip host 203.197.98.5 any
access-list 115 permit ip host 203.197.98.1 any
access-list 115 permit ip host 203.197.98.9 any
access-list 115 permit ip host 203.197.98.10 any
access-list 115 permit ip host 203.197.98.11 any
access-list 115 permit ip host 203.197.98.20 any
access-list 115 permit ip host 203.197.98.21 any
access-list 115 permit ip host 203.197.98.22 any
access-list 115 permit ip host 203.197.98.23 any
access-list 115 permit ip host 203.197.98.24 any
access-list 115 permit ip host 203.197.98.25 any
access-list 115 permit ip host 203.197.98.26 any
access-list 115 permit ip host 203.197.98.27 any
access-list 115 permit ip host 203.197.98.28 any
access-list 115 permit ip host 203.197.98.201 any
access-list 115 permit ip host 203.197.98.131 any
access-list 115 permit ip host 202.141.127.2 any
access-list 115 permit ip host 202.141.127.3 any
access-list 115 permit ip host 202.141.127.4 any
access-list 115 permit ip host 202.141.127.8 any
access-list 115 permit ip host 202.141.127.11 any
access-list 115 permit ip host 202.141.127.12 any
access-list 115 permit ip host 202.141.127.131 any
access-list 115 permit ip host 202.141.127.133 any
access-list 115 permit ip host 144.16.192.1 any
access-list 115 deny ip 202.141.127.0 0.0.0.255 any
access-list 115 deny ip 203.197.98.0 0.0.0.255 any
snmp-server community public RO
!
line con 0
line aux 0
line vty 0 4
 password cmc
 login
!
end
vmerry#logout
rule block url-regex .*/root.exe
rule block url-regex .*/readme\.eml
rule block url-regex .*/default\.ida
rule block url-regex ^http://.*/cmd\.exe
rule block url-regex ^http://.*/root\.exe
rule block url-regex ^http://.*/default\.ida
!
!
transaction-logs enable
!
!
username admin password 1 bVmDmMMmZAPjY
username admin privilege 15
!
snmp-server community public
!
!
!
authentication login local enable primary
authentication configuration local enable primary
!
!
!
!
!
!
!
CE-590#
interface FastEthernet6
 description Student_net
 no ip address
 no ip directed-broadcast
 bridge-group 1
!
interface FastEthernet7
 description Student_net
 no ip address
 no ip directed-broadcast
 bridge-group 1
!
interface FastEthernet8
 description Student_net
 no ip address
 no ip directed-broadcast
 bridge-group 1
!
interface FastEthernet9
 description Student_net
 no ip address
 no ip directed-broadcast
 bridge-group 1
!
interface FastEthernet10
 description Student_net
 no ip address
 no ip directed-broadcast
 bridge-group 1
!
interface FastEthernet11
 description Student_net
 no ip address
 no ip directed-broadcast
 bridge-group 1
!
interface FastEthernet12
 description Student_net
 no ip address
 no ip directed-broadcast
 bridge-group 1
!
interface FastEthernet13
 description Student_net
 no ip address
 no ip directed-broadcast
 bridge-group 1
!
interface FastEthernet14
 description Student_net
 no ip address
 no ip directed-broadcast
 bridge-group 1
!
interface FastEthernet15
 description staff_net
 no ip address
 no ip directed-broadcast
 bridge-group 2
!
interface FastEthernet16
 description staff_net
 no ip address
 no ip directed-broadcast
 bridge-group 2
!
interface FastEthernet17
 description staff_net
 no ip address
 no ip directed-broadcast
 bridge-group 2
!
interface FastEthernet18
 description staff_net
 no ip address
 no ip directed-broadcast
 bridge-group 2
!
interface FastEthernet19
 description staff_net
 no ip address
 no ip directed-broadcast
 bridge-group 2
!
interface FastEthernet20
 description staff_net
 no ip address
 no ip directed-broadcast
 bridge-group 2
!
interface FastEthernet21
 description staff_net
 no ip address
 no ip directed-broadcast
 bridge-group 2
!
interface FastEthernet22
 description staff_net
 no ip address
 no ip directed-broadcast
 bridge-group 2
!
interface FastEthernet23
 description staff_net
 no ip address
 no ip directed-broadcast
 bridge-group 2
!
interface FastEthernet24
 description staff_net
 no ip address
 no ip directed-broadcast
 bridge-group 2
!
interface FastEthernet25
 description server_net
 no ip address
 no ip directed-broadcast
 bridge-group 3
!
interface FastEthernet26
 description server_net
 no ip address
 no ip directed-broadcast
 bridge-group 3
!
interface FastEthernet27
 description server_net
 no ip address
!
interface FastEthernet28
 description server_net
 no ip address
 no ip directed-broadcast
 bridge-group 3
!
interface FastEthernet29
 description server_net
 no ip address
 no ip directed-broadcast
 bridge-group 3
!
interface FastEthernet30
 description server_net
 no ip address
 no ip directed-broadcast
 bridge-group 3
!
interface FastEthernet31
 description server_net
 no ip address
 no ip directed-broadcast
 bridge-group 3
!
interface FastEthernet32
 description server_net
 no ip address
 no ip directed-broadcast
 bridge-group 3
!
interface FastEthernet33
 description server_net
 no ip address
 no ip directed-broadcast
 bridge-group 3
!
interface FastEthernet34
 description server_net
 no ip address
 no ip directed-broadcast
 bridge-group 3
!
interface FastEthernet35
 description proj1_net
 no ip address
 no ip directed-broadcast
 bridge-group 4
!
interface FastEthernet36
 description proj1_net
 no ip address
 no ip directed-broadcast
 bridge-group 4
!
interface FastEthernet37
 description proj1_net
 no ip address
 no ip directed-broadcast
 bridge-group 4
!
interface FastEthernet38
 description proj1_net
 no ip address
 no ip directed-broadcast
 bridge-group 4
!
interface FastEthernet39
 description proj2_net
 no ip address
 no ip directed-broadcast
 bridge-group 5
!
interface FastEthernet40
 description proj2_net
 no ip address
 no ip directed-broadcast
 bridge-group 5
!
interface FastEthernet40.1
 description project1net connected to 2924_hardwarelab
 encapsulation isl 494
 no ip redirects
 no ip directed-broadcast
 bridge-group 4
!
interface FastEthernet40.2
 description staffnet connected to 2924_hardwarelab
 encapsulation isl 496
 no ip redirects
 no ip directed-broadcast
 bridge-group 2
!
interface FastEthernet41
 description proj2_net
 no ip address
 no ip directed-broadcast
 bridge-group 5
!
interface FastEthernet41.1
 description staffnet connected to 2924_dtp room
 encapsulation isl 496
 no ip redirects
 no ip directed-broadcast
 bridge-group 2
!
interface FastEthernet41.2
 description studentnet connected to 2924_dtp room
 encapsulation isl 497
 no ip redirects
 no ip directed-broadcast
 bridge-group 1
!
interface FastEthernet41.3
 description project1net connected to 2924_dtp room
 encapsulation isl 494
 no ip redirects
 no ip directed-broadcast
 bridge-group 4
interface FastEthernet42
 description proj2_net
 no ip address
 no ip directed-broadcast
 bridge-group 5
interface FastEthernet42.1
 description STUDENT_NET CONNECTED TO 2924 SWITCH1
 encapsulation isl 497
 no ip redirects
 no ip directed-broadcast
 bridge-group 1
interface FastEthernet42.2
 description STAFF_NET CONNECTED TO 2924 SWITCH1
 encapsulation isl 496
 no ip redirects
 no ip directed-broadcast
 bridge-group 2
interface FastEthernet42.3
 description SERVER_NET CONNECTED TO 2924 SWITCH1
 encapsulation isl 495
 no ip redirects
 no ip directed-broadcast
 bridge-group 3
interface FastEthernet42.4
 description PROJECT1_NET CONNECTED TO 2924 SWITCH1
 encapsulation isl 494
 no ip redirects
 no ip directed-broadcast
 bridge-group 4
interface FastEthernet43
 description interdepartmental_1
 no ip address
 no ip directed-broadcast
 bridge-group 6
interface FastEthernet44
 description interdepartmental_1
 no ip address
 no ip directed-broadcast
 bridge-group 6
interface FastEthernet45
 description interdepartmental_1
 no ip address
 no ip directed-broadcast
 bridge-group 6
interface FastEthernet46
 description interdepartmental_1
 no ip address
 no ip directed-broadcast
 bridge-group 6
interface FastEthernet46.1
 description project1net connected to 2924_ab roo
 encapsulation isl 494
 no ip redirects
 no ip directed-broadcast
 bridge-group 4
interface FastEthernet46.2
 description staffnet connected to 2924_ab room
 encapsulation isl 496
 no ip redirects
 no ip directed-broadcast
 bridge-group 2
interface FastEthernet47
 description interdepartmental_2
 no ip address
 no ip directed-broadcast
 bridge-group 7
interface FastEthernet48
 description interdepartmental_2
 no ip address
 no ip directed-broadcast
 bridge-group 7
interface GigabitEthernet49
 no ip address
 no ip directed-broadcast
interface GigabitEthernet49.1
 description Valid_ip
 encapsulation isl 2
 no ip redirects
 no ip directed-broadcast
 bridge-group 8
interface GigabitEthernet49.2
 description CSC_Core_Vlan
 encapsulation isl 503
 no ip redirects
 no ip directed-broadcast
 bridge-group 9
interface GigabitEthernet49.3
 description interdepartmental2_vlan
 encapsulation isl 499
 no ip redirects
 no ip directed-broadcast
 bridge-group 7
interface GigabitEthernet49.4
 description interdepartmental1_vlan
 encapsulation isl 498
 no ip redirects
 no ip directed-broadcast
 bridge-group 6
interface GigabitEthernet49.5
 description THAICOM VLAN
 encapsulation isl 645
 no ip redirects
 no ip directed-broadcast
 bridge-group 10
interface GigabitEthernet49.6
 description staffnet
 encapsulation isl 38
 no ip redirects
 no ip directed-broadcast
 bridge-group 2
interface GigabitEthernet49.7
 encapsulation isl 39
 no ip redirects
 no ip directed-broadcast
 bridge-group 4
interface GigabitEthernet50
 no ip address
 no ip directed-broadcast
 shutdown
interface BVI1
 description student_net
 ip address 10.5.16.2 255.255.255.0
 ip helper-address 10.5.17.255
 ip helper-address 10.5.18.255
 ip directed-broadcast
interface BVI2
 description staff_net
 ip address 10.5.17.2 255.255.255.0
 ip helper-address 10.5.18.255
 ip directed-broadcast
interface BVI3
 ip address 10.5.18.2 255.255.255.0
 ip helper-address 10.5.17.255
 ip directed-broadcast
interface BVI4
 ip address 10.5.19.2 255.255.255.0
 ip helper-address 10.5.18.255
 ip helper-address 10.5.17.255
 ip directed-broadcast
interface BVI5
 ip address 10.5.20.2 255.255.255.0
 no ip directed-broadcast
interface BVI6
 no ip address
 no ip directed-broadcast
!
interface BVI8
 description Valid_vlan
 no ip address
 no ip directed-broadcast
!
interface BVI9
 ip address 10.153.1.1 255.255.0.0
 no ip directed-broadcast
!
interface BVI10
 no ip address
 no ip directed-broadcast
!
router ospf 109
 redistribute rip subnets
 network 10.0.0.0 0.255.255.255 area 0
!
router rip
 redistribute ospf 109
 passive-interface BVI9
 network 10.0.0.0
 default-metric 10
!
ip classless
ip forward-protocol udp xdmcp
ip forward-protocol udp ntp
!
snmp-server community public RO
bridge 1 protocol ieee
 bridge 1 route ip
bridge 2 protocol ieee
 bridge 2 route ip
bridge 3 protocol ieee
 bridge 3 route ip
bridge 4 protocol ieee
 bridge 4 route ip
bridge 5 protocol ieee
 bridge 5 route ip
bridge 6 protocol ieee
 bridge 6 route ip
bridge 7 protocol ieee
 bridge 7 route ip
bridge 8 protocol ieee
 bridge 8 route ip
bridge 9 protocol ieee
 bridge 9 route ip
bridge 10 protocol ieee
 bridge 10 route ip
!
line con 0
 transport input none
line aux 0
line vty 0 4
 password cse5
 login
!
end
 switchport access vlan 18
!
interface FastEthernet0/8
 switchport access vlan 18
!
interface FastEthernet0/9
 switchport access vlan 18
!
interface FastEthernet0/10
 switchport access vlan 18
!
interface FastEthernet0/11
 switchport access vlan 18
!
interface FastEthernet0/12
 switchport access vlan 18
!
interface FastEthernet0/13
 switchport access vlan 18
!
interface FastEthernet0/14
 switchport access vlan 18
!
interface FastEthernet0/15
 switchport access vlan 18
!
interface FastEthernet0/16
 switchport access vlan 18
!
interface FastEthernet0/17
 switchport access vlan 18
!
interface FastEthernet0/18
 switchport access vlan 18
!
interface FastEthernet0/19
 switchport access vlan 18
!
interface FastEthernet0/20
 switchport access vlan 18
!
interface FastEthernet0/21
 switchport access vlan 18
!
interface FastEthernet0/22
 switchport access vlan 18
!
interface FastEthernet0/23
 switchport access vlan 18
!
interface FastEthernet0/24
 switchport access vlan 18
!
interface GigabitEthernet1/1
 switchport access vlan 18
!
ip default-gateway 10.27.1.2
snmp-server community private RW
snmp-server community public RO
snmp-server chassis-id 0x10
!
line con 0
 stopbits 1
line vty 0 4
 password arch27
 login
line vty 5 9
 login
!
end
_______________________________________________
Configuration of 1924 installed at Architecture.
_______________________________________________
Catalyst 1900 - IP Configuration
Ethernet Address: 00-06-28-D9-B6-00
----------------------- Settings --------------------------------------
[I] IP address 10.27.2.1
[S] Subnet mask 255.255.0.0
[G] Default gateway 10.27.1.2
[B] Management bridge group 1 (always)
[M] IP address of DNS server 1 0.0.0.0
[N] IP address of DNS server 2 0.0.0.0
[D] Domain name
[R] Use Routing Information Protocol Enabled
----------------------- Actions ---------------------------------------
[P] Ping
[C] Clear cached DNS entries
[X] Exit to previous menu
(B) IE & M:
IEM# sh run
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname IEM
!
enable secret 5 $1$qDLu$7L.O.t7hdeZiEMUbAk6bh1
!
!
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport access vlan 10
!
interface FastEthernet0/4
 switchport access vlan 10
!
interface FastEthernet0/5
 switchport access vlan 10
!
interface FastEthernet0/6
 switchport access vlan 10
!
interface FastEthernet0/7
 switchport access vlan 10
!
interface FastEthernet0/8
 switchport access vlan 10
!
interface FastEthernet0/9
 switchport access vlan 10
!
interface FastEthernet0/10
 switchport access vlan 10
!
interface FastEthernet0/11
 switchport access vlan 10
!
interface FastEthernet0/12
 switchport access vlan 10
!
interface FastEthernet0/13
 switchport access vlan 10
!
interface FastEthernet0/14
 switchport access vlan 10
!
interface FastEthernet0/15
 switchport access vlan 10
!
interface FastEthernet0/16
 switchport access vlan 10
!
interface FastEthernet0/17
 switchport access vlan 10
!
interface FastEthernet0/18
 switchport access vlan 10
!
interface FastEthernet0/19
 switchport access vlan 10
!
interface FastEthernet0/20
 switchport access vlan 10
!
interface FastEthernet0/21
 switchport access vlan 10
!
interface FastEthernet0/22
 switchport access vlan 10
!
interface FastEthernet0/23
 switchport access vlan 10
!
interface FastEthernet0/24
 switchport access vlan 10
!
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport trunk allowed vlan 1,10,1002-1005
 switchport mode trunk
!
interface GigabitEthernet0/2
!
interface VLAN1
 no ip address
 no ip directed-broadcast
 no ip route-cache
 shutdown
!
interface VLAN10
 ip address 10.29.1.1 255.255.0.0
 no ip directed-broadcast
 no ip route-cache
!
ip default-gateway 10.29.1.2
snmp-server engineID local 000000090200000628F1D100
snmp-server community private RW
!
line con 0
 transport input none
 stopbits 1
line vty 0 4
 password iem29
 login
line vty 5 15
 password iem29
 login
!
end
(C) NAVAL:
NAVAL# sh run
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname NAVAL
!
enable secret 5 $1$EZdN$2Zwnhv0ktj48jUb8gJ1HJ.
!
!
!
!
!
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
 switchport access vlan 11
!
interface FastEthernet0/2
 switchport access vlan 11
!
interface FastEthernet0/3
 switchport access vlan 11
!
interface FastEthernet0/4
 switchport access vlan 11
!
interface FastEthernet0/5
 switchport access vlan 11
!
interface FastEthernet0/6
 switchport access vlan 11
!
interface FastEthernet0/7
 switchport access vlan 11
!
interface FastEthernet0/8
 switchport access vlan 11
!
interface FastEthernet0/9
 switchport access vlan 11
!
interface FastEthernet0/10
 switchport access vlan 11
!
interface FastEthernet0/11
 switchport access vlan 11
!
interface FastEthernet0/12
 switchport access vlan 11
!
interface FastEthernet0/13
 switchport access vlan 11
!
interface FastEthernet0/14
 switchport access vlan 11
!
interface FastEthernet0/15
 switchport access vlan 11
!
interface FastEthernet0/16
 switchport access vlan 11
!
interface FastEthernet0/17
 switchport access vlan 11
!
interface FastEthernet0/18
 switchport access vlan 11
!
interface FastEthernet0/19
 switchport access vlan 11
!
interface FastEthernet0/20
 switchport access vlan 11
!
interface FastEthernet0/21
 switchport access vlan 11
!
interface FastEthernet0/22
 switchport access vlan 11
!
interface FastEthernet0/23
 switchport access vlan 11
!
interface FastEthernet0/24
 switchport access vlan 11
!
interface GigabitEthernet0/1
 switchport access vlan 11
 switchport trunk allowed vlan 1,11,1002-1005
 switchport mode trunk
!
interface GigabitEthernet0/2
!
interface VLAN1
 no ip address
 no ip directed-broadcast
 no ip route-cache
 shutdown
!
interface VLAN11
 ip address 10.24.1.1 255.255.0.0
 no ip directed-broadcast
 no ip route-cache
!
ip default-gateway 10.24.1.2
snmp-server engineID local 0000000902000006530F3940
snmp-server community private RW
snmp-server community public RO
!
line con 0
 transport input none
 stopbits 1
line vty 0 4
 password naval24
 login
line vty 5 15
 password naval24
 login
!
end
(D) CRF:
CRF# sh run
Building configuration...
Current configuration:
!
version 11.2
no service pad
no service udp-small-servers
no service tcp-small-servers
!
hostname CRF
!
enable secret 5 $1$MyCd$gtAw7RYfT5bu1q5hxQ6aA/
!
!
!
!
interface VLAN1
 no ip address
 no ip route-cache
 shutdown
!
interface VLAN17
 ip address 10.42.1.1 255.255.0.0
 no ip route-cache
!
interface FastEthernet0/1
 switchport access vlan 17
!
interface FastEthernet0/2
 switchport access vlan 17
!
interface FastEthernet0/3
 switchport access vlan 17
!
interface FastEthernet0/4
 switchport access vlan 17
!
interface FastEthernet0/5
 switchport access vlan 17
!
interface FastEthernet0/6
 switchport access vlan 17
!
interface FastEthernet0/7
 switchport access vlan 17
!
interface FastEthernet0/8
 switchport access vlan 17
!
interface FastEthernet0/9
 switchport access vlan 17
!
interface FastEthernet0/10
 switchport access vlan 17
!
interface FastEthernet0/11
 switchport access vlan 17
!
interface FastEthernet0/12
 switchport access vlan 17
!
interface FastEthernet0/13
 switchport access vlan 17
!
interface FastEthernet0/14
 switchport access vlan 17
!
interface FastEthernet0/15
 switchport access vlan 17
!
interface FastEthernet0/16
 switchport access vlan 17
!
interface FastEthernet0/17
 switchport access vlan 17
!
interface FastEthernet0/18
 switchport access vlan 17
!
interface FastEthernet0/19
 switchport access vlan 17
!
interface FastEthernet0/20
 switchport access vlan 17
!
interface FastEthernet0/21
 switchport access vlan 17
!
interface FastEthernet0/22
 switchport access vlan 17
!
interface FastEthernet0/23
 switchport access vlan 17
!
interface FastEthernet0/24
 switchport access vlan 17
!
interface GigabitEthernet1/1
 switchport access vlan 17
!
ip default-gateway 10.42.1.2
snmp-server community private RW
snmp-server community public RO
snmp-server chassis-id 0x10
!
line con 0
 stopbits 1
line vty 0 4
 password crf42
 login
line vty 5 9
 login
!
end
17. DISTRIBUTION Switch Configuration details of some Hostels

(A) NEHRU Hall Distribution Cisco Catalyst 6509 Switch:
Cisco Systems Console
Enter password:
Console> en
Enter password:
Console> (enable) sh config
This command shows non-default configurations only.
Use 'show config all' to show both default and non-default configurations.
..................
..................
..................
begin
!
# ***** NON-DEFAULT CONFIGURATION *****
!
!
#time: Thu Sep 12 2002, 04:45:58
!
#version 6.1(3)
!
!
#system web interface version Engine: 5.3 ADP device: Cat6000 ADP Version: 1.5 ADK: 40
!
set password $2$0o8Z$Uzhvc1xPbFk4WnBzZ03zI0
set enablepass $2$CBqb$n64swmlNxNXQ9QOVlxpSO0
!
#errordetection
set errordetection portcounter enable
!
#!
#vtp
set vtp domain NEHRU
set vlan 1 name default type ethernet mtu 1500 said 100001 state active
set vlan 613 name NEHRU_CORE1 type ethernet mtu 1500 said 100613 state active
set vlan 614 name NEHRU_CORE2 type ethernet mtu 1500 said 100614 state active
set vlan 815 name NEHRU_A_GND type ethernet mtu 1500 said 100815 state active
set vlan 816 name NEHRU_B_GND type ethernet mtu 1500 said 100816 state active
set vlan 817 name NEHRU_B_1ST type ethernet mtu 1500 said 100817 state active
set vlan 818 name NEHRU_B_2ND type ethernet mtu 1500 said 100818 state active
set vlan 819 name NEHRU_C_GND type ethernet mtu 1500 said 100819 state active
set vlan 820 name NEHRU_C_1ST type ethernet mtu 1500 said 100820 state active
set vlan 821 name NEHRU_C_2ND type ethernet mtu 1500 said 100821 state active
set vlan 822 name NEHRU_D_GND type ethernet mtu 1500 said 100822 state active
set vlan 823 name NEHRU_D_1ST type ethernet mtu 1500 said 100823 state active
set vlan 824 name NEHRU_D_2ND type ethernet mtu 1500 said 100824 state active
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active stp ieee
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active stp ibm
set vlan 640-641
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active mode srb aremaxhop 0 stemaxhop 0 backupcrf off
!
#ip
set interface sc0 1 10.200.1.108/255.255.255.0 10.200.1.255
set ip route 0.0.0.0/0.0.0.0 10.200.1.2
!
#set boot command
set boot config-register 0x2
set boot system flash bootflash:cat6000-sup2cvk9.6-1-3.bin
!
# default port status is enable
!
!
#module 1 : 2-port 1000BaseX Supervisor
set vlan 640 1/1
!
#module 2 empty
!
#module 3 : 16-port 1000BaseX Ethernet
set udld enable 3/13
clear trunk 3/1 2-814,816-1005,1025-4094
set trunk 3/1 on isl 1,815
clear trunk 3/2 2-815,817-1005,1025-4094
set trunk 3/2 on isl 1,816
clear trunk 3/3 2-816,818-1005,1025-4094
set trunk 3/3 on isl 1,817
clear trunk 3/4 2-639,642-817,819-1005,1025-4094
set trunk 3/4 on isl 1,640-641,818
clear trunk 3/5 2-818,820-1005,1025-4094
set trunk 3/5 on isl 1,819
clear trunk 3/6 2-819,821-1005,1025-4094
set trunk 3/6 on isl 1,820
clear trunk 3/7 2-820,822-1005,1025-4094
set trunk 3/7 on isl 1,821
clear trunk 3/8 2-821,823-1005,1025-4094
set trunk 3/8 on isl 1,822
clear trunk 3/9 2-822,824-1005,1025-4094
set trunk 3/9 on isl 1,823
clear trunk 3/10 2-823,825-1005,1025-4094
set trunk 3/10 on isl 1,824
set trunk 3/13 on isl 1-1005,1025-4094
clear trunk 3/15 2-612,614-639,642-1005,1025-4094
set trunk 3/15 on isl 1,613,640-641
clear trunk 3/16 2-613,615-1005,1025-4094
set trunk 3/16 on isl 1,614
!
#module 4 empty
!
#module 5 : 0-port Switch Fabric Module
!
#module 6 empty
!
#module 7 empty
!
#module 8 empty
!
#module 9 empty
!
#module 15 : 1-port Multilayer Switch Feature Card
!
#module 16 empty
end
Console> (enable)

Cisco Systems Console
Enter password:
Console> session 15
Trying Router-15...
Connected to Router-15.
Escape character is '^]'.
NEHRU>en
Password:
NEHRU#sh run
Building configuration...
Current configuration : 4136 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname NEHRU
!
boot system flash bootflash:c6msfc2-psv-mz.121-7a.E1
enable password core1
!
ip subnet-zero
!
!
no ip finger
ip domain-name nehru.iitkgp.ernet.in
ip name-server 10.129.100.14
ip name-server 10.128.2.2
ip name-server 144.16.192.55
ip dhcp database ftp://dhcplog:dhcplog@10.129.100.14/router-dhcp write-delay 120
ip dhcp excluded-address 10.108.1.1 10.108.1.31
ip dhcp excluded-address 10.108.2.1 10.108.2.31
ip dhcp excluded-address 10.108.3.1 10.108.3.31
ip dhcp excluded-address 10.108.4.1 10.108.4.31
ip dhcp excluded-address 10.108.5.1 10.108.5.31
ip dhcp excluded-address 10.108.6.1 10.108.6.31
ip dhcp excluded-address 10.108.7.1 10.108.7.31
ip dhcp excluded-address 10.108.8.1 10.108.8.31
ip dhcp excluded-address 10.108.9.1 10.108.9.31
ip dhcp excluded-address 10.108.10.1 10.108.10.31
!
ip dhcp pool NEHRU
 network 10.108.0.0 255.255.0.0
 domain-name nehru.iitkgp.ernet.in
 dns-server 10.129.100.14 10.128.2.2 144.16.192.55
 netbios-name-server 10.129.100.14 10.128.2.2
 netbios-node-type h-node
!
ip dhcp pool NEHRU_A_GND
 network 10.108.1.0 255.255.255.0
 default-router 10.108.1.2
!
ip dhcp pool NEHRU_B_GND
 network 10.108.2.0 255.255.255.0
 default-router 10.108.2.2
!
ip dhcp pool NEHRU_B_1ST
 network 10.108.3.0 255.255.255.0
 default-router 10.108.3.2
!
ip dhcp pool NEHRU_B_2ND
 network 10.108.4.0 255.255.255.0
 default-router 10.108.4.2
!
ip dhcp pool NEHRU_C_GND
 network 10.108.5.0 255.255.255.0
 default-router 10.108.5.2
!
ip dhcp pool NEHRU_C_1ST
 network 10.108.6.0 255.255.255.0
 default-router 10.108.6.2
!
ip dhcp pool NEHRU_C_2ND
 network 10.108.7.0 255.255.255.0
 default-router 10.108.7.2
!
ip dhcp pool NEHRU_D_GND
 network 10.108.8.0 255.255.255.0
 default-router 10.108.8.2
!
ip dhcp pool NEHRU_D_1ST
 network 10.108.10.0 255.255.255.0
 default-router 10.108.10.2
!
ip dhcp pool NEHRU_D_2ND
 network 10.108.9.0 255.255.255.0
 default-router 10.108.9.2
!
ip multicast-routing
!
!
!
interface Vlan613
 description NEHRU TO FOUNDATION CORE1
 ip address 10.200.13.2 255.255.255.0
 ip pim dense-mode
!
interface Vlan614
 description NEHRU TO FOUNDATION CORE2
 ip address 10.200.14.2 255.255.255.0
 ip pim dense-mode
!
interface Vlan815
 description NEHRU TO BLOCK A GROUND FLOOR
 ip address 10.108.1.2 255.255.255.0
 ip access-group 8 out
 ip pim dense-mode
!
interface Vlan816
 description NEHRU TO BLOCK B GROUND FLOOR
 ip address 10.108.2.2 255.255.255.0
 ip access-group 8 out
 ip pim dense-mode
!
interface Vlan817
 description NEHRU TO BLOCK B 1ST FLOOR
 ip address 10.108.3.2 255.255.255.0
 ip access-group 8 out
 ip pim dense-mode
!
interface Vlan818
 description NEHRU TO BLOCK B 2ND FLOOR
 ip address 10.108.4.2 255.255.255.0
 ip pim dense-mode
!
interface Vlan819
 description NEHRU TO BLOCK C GND FLOOR
 ip address 10.108.5.2 255.255.255.0
 ip access-group 8 out
 ip pim dense-mode
!
interface Vlan820
 description NEHRU TO BLOCK C 1ST FLOOR
 ip address 10.108.6.2 255.255.255.0
 ip access-group 8 out
 ip pim dense-mode
!
interface Vlan821
 description NEHRU TO BLOCK C 2ND FLOOR
 ip address 10.108.7.2 255.255.255.0
 ip access-group 8 out
 ip pim dense-mode
!
interface Vlan822
 description NEHRU TO BLOCK D GND FLOOR
 ip address 10.108.8.2 255.255.255.0
 ip access-group 8 out
 ip pim dense-mode
!
interface Vlan823
 description NEHRU TO BLOCK D 2ND FLOOR
 ip address 10.108.9.2 255.255.255.0
 ip access-group 8 out
 ip pim dense-mode
!
interface Vlan824
 description NEHRU TO BLOCK D 1ST FLOOR
 ip address 10.108.10.2 255.255.255.0
 ip access-group 8 out
 ip pim dense-mode
!
router ospf 109
 log-adjacency-changes
 network 10.108.0.0 0.0.255.255 area 108
 network 10.200.0.0 0.0.255.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.200.13.1 150
no ip http server
!
access-list 8 deny 144.16.192.1
access-list 8 deny 144.16.192.213
access-list 8 deny 144.16.192.216
access-list 8 deny 144.16.192.217
access-list 8 permit any
!
!
line con 0
 transport input none
line vty 0 4
 login
!
end
set vlan 792 name PATEL_D_GND type ethernet mtu 1500 said 100792 state active
set vlan 793 name PATEL_D_1ST type ethernet mtu 1500 said 100793 state active
set vlan 794 name PATEL_D_2ND type ethernet mtu 1500 said 100794 state active
set vlan 852 name PATEL_ZH1 type ethernet mtu 1500 said 100852 state active
set vlan 853 name PATEL_ZH2 type ethernet mtu 1500 said 100853 state active
set vlan 854 name PATEL_ZH3 type ethernet mtu 1500 said 100854 state active
set vlan 855 name PATEL_ZH4 type ethernet mtu 1500 said 100855 state active
set vlan 856 name PATEL_ZH5 type ethernet mtu 1500 said 100856 state active
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active stp ieee
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active stp ibm
set vlan 640-641
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active mode srb aremaxhop 0 stemaxhop 0 backupcrf off
!
#ip
set interface sc0 1 10.200.1.109/255.255.255.0 10.200.1.255
set ip route 0.0.0.0/0.0.0.0 10.200.1.2
!
#dns
set ip dns server 10.128.2.2 primary
set ip dns enable
set ip dns domain net.iitkgp.ernet.in
!
#set boot command
set boot config-register 0x2
set boot system flash bootflash:cat6000-sup2cvk9.6-1-3.bin
!
# default port status is enable
!
!
#module 1 : 2-port 1000BaseX Supervisor
set vlan 640 1/1
set trunk 1/2 on isl 1-1005,1025-4094
!
#module 2 empty
!
#module 3 : 16-port 1000BaseX Ethernet
clear trunk 3/1 2-639,642-784,786-1005,1025-4094
set trunk 3/1 on isl 1,640-641,785
clear trunk 3/2 2-785,787-1005,1025-4094
set trunk 3/2 on isl 1,786
clear trunk 3/3 2-786,788-1005,1025-4094
set trunk 3/3 on isl 1,787
clear trunk 3/4 2-787,789-1005,1025-4094
set trunk 3/4 on isl 1,788
clear trunk 3/5 2-788,790-1005,1025-4094
set trunk 3/5 on isl 1,789
clear trunk 3/6 2-789,791-1005,1025-4094
set trunk 3/6 on isl 1,790
clear trunk 3/7 2-790,792-1005,1025-4094
set trunk 3/7 on isl 1,791
clear trunk 3/8 2-791,793-1005,1025-4094
set trunk 3/8 on isl 1,792
clear trunk 3/9 2-792,794-1005,1025-4094
set trunk 3/9 on isl 1,793
clear trunk 3/10 2-793,795-1005,1025-4094
set trunk 3/10 on isl 1,794
clear trunk 3/11 2-851,857-1005,1025-4094
set trunk 3/11 on isl 1,852-856
clear trunk 3/12 2-851,857-1005,1025-4094
set trunk 3/12 on isl 1,852-856
clear trunk 3/13 2-851,857-1005,1025-4094
set trunk 3/13 on isl 1,852-856
clear trunk 3/14 2-851,857-1005,1025-4094
set trunk 3/14 on isl 1,852-856
clear trunk 3/15 2-614,616-639,642-1005,1025-4094
set trunk 3/15 on isl 1,615,640-641
clear trunk 3/16 2-615,617-855,857-1005,1025-4094
set trunk 3/16 on isl 1,616,856
!
#module 4 empty
!
#module 5 : 0-port Switch Fabric Module
!
#module 6 empty
!
#module 7 empty
!
#module 8 empty
!
#module 9 empty
!
#module 15 : 1-port Multilayer Switch Feature Card
!
#module 16 empty
end
patel-core> (enable)

PATEL#
1w0d: %DHCPD-3-WRITE_ERROR: DHCP could not write bindings to ftp://dhcp:address@10.129.100.15/patel-dhcp.
PATEL#
PATEL#
PATEL#sh run
Building configuration...
Current configuration : 6019 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname PATEL
!
boot system flash bootflash:c6msfc2-psv-mz.121-7a.E1
netbios name-cache cache-add-name
netbios name-cache name-len 16
enable password core1
!
ip subnet-zero
!
!
no ip finger
ip domain-list iitkgp.ernet.in.
ip domain-name patel.iitkgp.ernet.in
ip name-server 10.128.2.2
ip name-server 144.16.192.55
ip name-server 10.129.100.15
ip dhcp database ftp://dhcp:address@10.129.100.15/patel-dhcp write-delay 120
ip dhcp excluded-address 10.109.1.1 10.109.1.31
ip dhcp excluded-address 10.109.2.1 10.109.2.31
ip dhcp excluded-address 10.109.3.1 10.109.3.31
ip dhcp excluded-address 10.109.4.1 10.109.4.31
ip dhcp excluded-address 10.109.5.1 10.109.5.31
ip dhcp excluded-address 10.109.6.1 10.109.6.31
ip dhcp excluded-address 10.109.7.1 10.109.7.31
ip dhcp excluded-address 10.109.8.1 10.109.8.31
ip dhcp excluded-address 10.109.9.1 10.109.9.31
ip dhcp excluded-address 10.109.10.1 10.109.10.31
ip dhcp excluded-address 10.114.1.1 10.114.1.31
ip dhcp excluded-address 10.114.2.1 10.114.2.31
ip dhcp excluded-address 10.114.3.1 10.114.3.31
ip dhcp excluded-address 10.114.4.1 10.114.4.31
ip dhcp excluded-address 10.114.5.1 10.114.5.31
!
ip dhcp pool PATEL_A_GND
 network 10.109.1.0 255.255.255.0
 default-router 10.109.1.2
!
ip dhcp pool PATEL_B_GND
 network 10.109.2.0 255.255.255.0
 default-router 10.109.2.2
!
ip dhcp pool PATEL_B_1ST
 network 10.109.3.0 255.255.255.0
 default-router 10.109.3.2
!
ip dhcp pool PATEL_B_2ND
 network 10.109.4.0 255.255.255.0
 default-router 10.109.4.2
!
ip dhcp pool PATEL_C_GND+GND1
 network 10.109.5.0 255.255.255.0
 default-router 10.109.5.2
!
ip dhcp pool PATEL_C_1ST
 network 10.109.6.0 255.255.255.0
 default-router 10.109.6.2
!
ip dhcp pool PATEL_C_2ND+2ND1
 network 10.109.7.0 255.255.255.0
 default-router 10.109.7.2
!
ip dhcp pool PATEL_D_GND
 network 10.109.8.0 255.255.255.0
 default-router 10.109.8.2
!
ip dhcp pool PATEL_D_1ST
 network 10.109.9.0 255.255.255.0
 default-router 10.109.9.2
!
ip dhcp pool PATEL_D_2ND
 network 10.109.10.0 255.255.255.0
 default-router 10.109.10.2
!
ip dhcp pool PATEL
 network 10.109.0.0 255.255.0.0
 domain-name patel.iitkgp.ernet.in
 dns-server 10.129.100.15 10.128.2.2 144.16.192.55
 netbios-name-server 10.129.100.15 10.128.2.2
 netbios-node-type h-node
!
ip dhcp pool ZH_1_GND
 network 10.114.1.0 255.255.255.0
 default-router 10.114.1.2
!
ip dhcp pool ZH_2_GND
 network 10.114.2.0 255.255.255.0
 default-router 10.114.2.2
!
ip dhcp pool ZH_3_GND
 network 10.114.3.0 255.255.255.0
 default-router 10.114.3.2
!
ip dhcp pool ZH_4_GND
 network 10.114.4.0 255.255.255.0
 default-router 10.114.4.2
!
ip dhcp pool ZH_5_GND
 network 10.114.5.0 255.255.255.0
 default-router 10.114.5.2
!
ip dhcp pool patel
!
ip dhcp pool ZH
 network 10.114.0.0 255.255.255.0
 domain-name zh.iitkgp.ernet.in
 dns-server 10.128.2.2 144.16.192.55
 netbios-name-server 10.128.2.2
 netbios-node-type h-node
!
ip multicast-routing
!
!
!
interface Vlan615
 description PATEL TO CIC CORE1
 ip address 10.200.15.2 255.255.255.0
 ip helper-address 10.128.2.2
 ip pim dense-mode
!
interface Vlan616
 description PATEL TO CIC CORE2
 ip address 10.200.16.2 255.255.255.0
 ip helper-address 10.128.2.2
 ip pim dense-mode
!
interface Vlan785
 description PATEL TO BLOCK A GROUND FLOOR
 ip address 10.109.1.2 255.255.255.0
 ip access-group 9 out
 ip pim dense-mode
!
interface Vlan786
 description PATEL TO BLOCK B GROUND FLOOR
 ip address 10.109.2.2 255.255.255.0
 ip access-group 9 out
 ip pim dense-mode
!
interface Vlan787
 description PATEL TO BLOCK B 1ST FLOOR
 ip address 10.109.3.2 255.255.255.0
 ip access-group 9 out
 ip pim dense-mode
!
interface Vlan788
 description PATEL TO BLOCK B 2ND FLOOR
 ip address 10.109.4.2 255.255.255.0
 ip access-group 9 out
 ip pim dense-mode
!
interface Vlan789
 description PATEL TO BLOCK C GROUND FLOOR
 ip address 10.109.5.2 255.255.255.0
 ip access-group 9 out
 ip pim dense-mode
!
interface Vlan790
 description PATEL TO BLOCK C 1ST FLOOR
 ip address 10.109.6.2 255.255.255.0
 ip access-group 9 out
 ip pim dense-mode
!
interface Vlan791
 description PATEL TO BLOCK C 2ND FLOOR
 ip address 10.109.7.2 255.255.255.0
 ip access-group 9 out
 ip pim dense-mode
!
interface Vlan792
 description PATEL TO BLOCK D GND FLOOR
 ip address 10.109.8.2 255.255.255.0
 ip access-group 9 out
 ip pim dense-mode
!
interface Vlan793
 description PATEL TO BLOCK D 1ST FLOOR
 ip address 10.109.9.2 255.255.255.0
 ip access-group 9 out
 ip pim dense-mode
!
interface Vlan794
 description PATEL TO BLOCK D 2ND FLOOR
 ip address 10.109.10.2 255.255.255.0
 ip access-group 9 out
 ip pim dense-mode
!
interface Vlan852
 description PATEL TO ZH BLOCK 1 GROUND FLOOR
 ip address 10.114.1.2 255.255.255.0
 ip access-group 9 out
 ip pim dense-mode
!
interface Vlan853
 description PATEL TO ZH BLOCK 2 GROUND FLOOR
 ip address 10.114.2.2 255.255.255.0
 ip access-group 9 out
 ip pim dense-mode
!
interface Vlan854
 description PATEL TO ZH BLOCK 3 GROUND FLOOR
 ip address 10.114.3.2 255.255.255.0
 ip access-group 9 out
 ip pim dense-mode
!
interface Vlan855
 description PATEL TO ZH BLOCK 4 GROUND FLOOR
 ip address 10.114.4.2 255.255.255.0
 ip access-group 9 out
 ip pim dense-mode
!
interface Vlan856
 description PATEL TO ZH BLOCK 5 GROUND FLOOR
 ip address 10.114.5.2 255.255.255.0
 ip access-group 9 out
 ip pim dense-mode
!
router ospf 109
 log-adjacency-changes
 summary-address 10.109.0.0 255.255.0.0
 network 10.109.0.0 0.0.255.255 area 109
 network 10.114.0.0 0.0.255.255 area 114
 network 10.200.0.0 0.0.255.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.200.15.1 150
no ip http server
!
access-list 9 deny 144.16.192.1
access-list 9 deny 144.16.192.213
access-list 9 deny 144.16.192.216
access-list 9 deny 144.16.192.217
access-list 9 permit any
!
!
line con 0
 transport input none
line vty 0 4
 login
!
end
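The switch and MSFC listings above show several settings a configuration review would report: `no service password-encryption`, cleartext `enable password` and vty passwords, the `public`/`private` SNMP communities, and (in the NEHRU listing) one block-facing SVI, Vlan818, without the `ip access-group 8 out` that its siblings carry. The following Python script is an added example, not part of the original case study or any vendor tool; it audits an IOS-style running configuration for those conditions. The function names and the sample configuration are assumptions constructed for illustration, with placeholder credentials and addresses.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the listings above; all values are placeholders.
SAMPLE_CONFIG = """\
version 12.1
no service password-encryption
!
hostname EXAMPLE
!
enable password EXAMPLE-ENABLE
!
interface Vlan10
 description UPLINK TO CORE
 ip address 10.200.50.2 255.255.255.0
!
interface Vlan101
 description BLOCK A
 ip address 10.50.1.2 255.255.255.0
 ip access-group 8 out
!
interface Vlan102
 description BLOCK B
 ip address 10.50.2.2 255.255.255.0
!
interface Vlan103
 description BLOCK C
 ip address 10.50.3.2 255.255.255.0
 ip access-group 8 out
!
snmp-server community private RW
snmp-server community public RO
!
line con 0
line vty 0 4
 password EXAMPLE-VTY
 login
!
end
"""


def parse_sections(text):
    """Split an IOS config into (header, [sub-commands]) pairs.

    A line starting in column 0 opens a section; indented lines belong to it.
    """
    sections = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            continue
        if raw[0].isspace():
            if sections:
                sections[-1][1].append(line.strip())
        else:
            sections.append((line, []))
    return sections


def audit(text):
    """Return a list of (finding_id, detail) tuples for the given config text."""
    findings = []
    acl_by_net = defaultdict(dict)  # "10.50" -> {interface name: ACL id or None}
    for header, subs in parse_sections(text):
        if header == "no service password-encryption":
            findings.append(("password-encryption-off", header))
        elif re.match(r"enable password \S+", header):
            # Report the line type only; never echo the credential itself.
            findings.append(("enable-password-cleartext", "enable password <redacted>"))
        elif m := re.match(r"snmp-server community (\S+) (RO|RW)", header):
            if m.group(1).lower() in ("public", "private"):
                findings.append(("snmp-default-community", f"{m.group(1)} {m.group(2)}"))
        elif header.startswith("line vty"):
            for sub in subs:
                # "password 5 ..." / "password 7 ..." are encoded forms, not cleartext.
                if re.match(r"password (?![57] )\S+", sub):
                    findings.append(("vty-password-cleartext", header))
        elif header.lower().startswith("interface vlan"):
            ip = next((s.split()[2] for s in subs if s.startswith("ip address ")), None)
            acl = next((s.split()[2] for s in subs if s.startswith("ip access-group ")), None)
            if ip:
                net = ".".join(ip.split(".")[:2])
                acl_by_net[net][header.split()[1]] = acl
    # Within each /16, flag SVIs lacking an ACL that sibling SVIs do apply.
    for net, ifaces in sorted(acl_by_net.items()):
        applied = sorted({a for a in ifaces.values() if a})
        if not applied:
            continue
        for name, acl in ifaces.items():
            if acl is None:
                findings.append((
                    "acl-missing-vs-siblings",
                    f"{name} lacks access-group {'/'.join(applied)} used in {net}.x.x",
                ))
    return findings


if __name__ == "__main__":
    for finding_id, detail in audit(SAMPLE_CONFIG):
        print(f"{finding_id}: {detail}")
```

The script expects one command per line, as a device prints it, so a listing captured from a flattened document has to be restored to that layout first.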
The active and standby supervisor engines must be in slots 1 & 2. Each supervisor engine must have the resources to run the switch on its own, which means all supervisor engine resources are duplicated. In other words, each supervisor engine has its own flash device and console port connections. Both supervisor engines must have the same system image.
[Figure: supervisor engine redundancy topology. Labels: Supervisor Engine-1; Core Switch; Distribution 1; Distribution 2; Vlan 721; Vlan 722; 10.162.1.1; 10.161.1.2; 10.162.1.2]
Switchover from one to another Supervisor engine takes only 2 min 45 seconds
# QoS Implementation.
[Figure: QoS test topology. Labels: GATEWAY ROUTER; E1 61.11.237.1/25; S0 - 203.192.34.226/30; MODEM; DVB RECEIVER; FIREWALL; 10.250.1.4/24; 10.250.1.2/24; CORE; DISTRIBUTION 1 (10.200.10.1, 10.101.0.0); DISTRIBUTION 1 (10.200.10.2, 10.1.0.0); DIST 2; 10.0.0.0/10 ACADEMIC NETWORK]

[Figure: Link Utilization Report when there is no Policy]
POLICY IMPLEMENTATION

Traffic policy implemented for all traffic coming to the 1/1 port of the core switch, which is connected to the firewall VLAN:

#qos
set qos enable
set qos policer aggregate qos_test rate 2000 burst 2000 drop
set qos acl ip tcp_cont dscp 0 aggregate qos_test tcp any any
commit qos acl all
set port qos 1/1 vlan-based
set qos acl map tcp_cont 650
Shaping is not possible with CatOS.
# Cache-Engine Implementation.
[Figure: cache engine deployment. Labels: Internet; FIREWALL; Firewall Vlan; SERVER FARM; CDM; FOUNDATION CORE; Hall Dist]

FIREWALL VLAN CONF
Int Vlan 650
IP: 10.250.1.4
ip wccp web-cache redirect out

Cache Engine Config
wccp router-list 1 10.129.50.2
wccp web-cache router-list-num 1
wccp version 2
Through a graphical Web-browser-based user interface, the network administrator can enable content providers across the company to import and distribute rich learning or communications using the network settings held by the CDM.
The CDM enables the administrator to monitor the health of the entire delivery network, including all the Cisco Content Engines located at end user sites.
Cisco CEs work in conjunction with the existing network infrastructure to localize traffic, rather than pull rich files over the WAN. By streaming rich media locally, enterprises can now deliver higher-bandwidth and subsequently higher-impact information to the learner. Content engines can also be used to cache static or streaming Web content from sites such as Yahoo.com or CNN.com for better network performance, and even to block or filter nonproductive, nonbusiness Web sites for improved productivity.
CONCURRENT CONNECTIONS
The total number of concurrent connections is the total number of HTTP flows the CE can service at any single point in time. The governing factor is the HTTP flow hold time, that is, how long it takes to download the average HTTP object.

Max concurrent connections required = TPS * Avg HTTP flow hold time (sec)

As an example, if the average HTTP flow hold time is 3 seconds (typically what we observe on the Internet today), and we are servicing 150 TPS, we end up with the CE servicing an average total of 450 concurrent connections at any point in time.

Max concurrent connections required = 150 (TPS) * 3 (sec/request) = 450 concurrent connections

Generally speaking, the maximum number of concurrent connections that a CE supports is significantly higher than required.
DISK SPACE
In order to allow a CE to function, that is, cache content, objects need to spend some period of time in the CE. The minimum cache storage time should be around 24 hours, preferably up to 72 hours, to maximize cache savings.

Cache storage required for 24 hours = (Avg TPS * Avg object size (bytes) * seconds in 24 hours * (1 - anticipated byte hit rate)) / bytes in a gigabyte

Working on the assumption that we are going to see a daily average of 100 TPS (~10 Mbit/sec), an average HTTP object size of 9.5 kbytes and an anticipated cache hit ratio of 35%, we end up with:

Cache storage required for 24 hours = (100 * 9500 * 86400 * (1 - 0.35)) / 1,000,000,000 = 53.352 gigabytes

So the minimum number of CEs required for 24 hours of caching = 7 (hard disk capacity of each CE is 8 GB).
[Figures: Savings Statistics; Performance Statistics]
Caching Benefits
- Optimizing the Storage
- Lower Response Time
- Increased Availability
19. Network Components installed across the Network

(A) ACADEMIC AREA:

Sl. No | Equipment Name | Description | Quantity
1 | Cisco Catalyst 6506 Switch | Server Farm Switch | 1
2 | Cisco CDM 4650 | Content Distribution Manager | 1
3 | Cisco IPTV | IPTV Servers | 3
4 | Cisco Catalyst 6006 Switch | Distribution Switch | 2
5 | Cisco 4006 Switch | L2 Supervisor Engine | 3
6 | Cisco 2949 GL3 Switch | L3 Switch installed at major depts. | 10
7 | Cisco 3524 XL-EN Switch | L2 Switch with L3 Functionality | 27
8 | Cisco 3524 PWR-XL Switch | Above with IP telephony feature | 10
9 | Cisco 2924 MXL Switch | L2 Switch with Fiber Port | 30
10 | Cisco 2924 XL-EN Switch | L2 Switch with L3 Functionality w/o Fiber Port | 30
11 | Cisco 1924 Switch | Access Switch | 80

Description | Quantity
Hostel Distribution Switch | 14
Content Engine | 14
Access Switch | 163
Access Switch | 8

Description | Quantity
Core Switch | 3
Departmental Distribution Switch | 1
Thaicom Gateway Router | 1
VSNL Router | 1
Firewall with failover | 1
Cache Engine | 1
Thaicom Rx Path | 1
Thaicom Tx Path | 1
21. GLOSSARY
The Cisco Catalyst 6500 Series delivers exceptional scalability, price, and performance, supporting a wide range of interface densities, performance, and high-availability options, including:
- Flexible 3-, 6-, 9-, and 13-slot chassis configurations that allow one platform to be deployed in wiring closet, core, data center, and WAN edge
- Fast 2-3 second stateful failover of redundant supervisors and integrated services
- Scalable high-performance switching fabric and forwarding engine architecture currently delivering up to 210 Mpps
- Interface options from 10 Mbps to 10 Gbps Ethernet and DS0 to OC-48 WAN interfaces as well as integrated services modules
- Advanced wire-rate quality-of-service (QoS) and access-control-list (ACL) policy management
Building Intelligent Networks
- Feature-rich CatOS and Cisco IOS Software choices supported on all supervisor forwarding engines
- Common CLI with Cisco Catalyst 5000/5500 Series for operational consistency and easy migration
- Industry's highest-performance Layer 4-7 content switching capabilities, including integrated server load balancing with 200,000 concurrent connections per second
- Integrated multigigabit network security (firewall, intrusion detection, Secure Sockets Layer [SSL], and virtual private network [VPN]) and network analysis modules (NAMs)
- User-upgradable IP telephony support for up to 576 ports with high-density public switched telephone network (PSTN) or private branch exchange (PBX) gateway (8 T1 or E1s per module) and traditional phone or fax support (24 foreign exchange station [FXS] ports per module) for maximum investment protection

As a key component of Cisco AVVID (Architecture for Voice, Video and Integrated Data), the Cisco Catalyst 6500 Series provides unprecedented business agility by enabling the enterprise to rapidly deploy new Internet business applications in order to boost revenue and reduce operational costs. Network policy can be applied end to end based on Layer 2, 3, and 4 information such as specific users, IP addresses, or applications. Coupled with application intelligence, QoS mechanisms, and security, customers can more effectively use their network for increased client services such as multicast and workforce optimization, e-commerce, e-learning, as well as more cost-effective corporate communication and supply-chain management applications without sacrificing network performance. The Cisco Catalyst 6500 Series provides a powerful e-commerce solution by combining these capabilities with the integrated multigigabit SSL services module and the industry's highest-performance content switching module.
Secure Hypertext Transfer Protocol (HTTPS) content requests are secured by offloading the SSL processing from Web servers to the Cisco Catalyst 6500 Series SSL service module and load balanced across multiple servers via the content switching module, allowing the servers to handle peak traffic demands without degrading the user experience. Table 1 lists the features of the Cisco Catalyst 6500 Series.
The Catalyst 6000 family provides industry-leading port density of up to 194 Gigabit ports in a 13-slot chassis. The 8-port modules (WS-X6408-GBIC, WS-X6408A-GBIC) can be configured with shortwave (SX), longwave/long-haul (LX/LH), and extended-range (ZX) gigabit interface converters (GBICs). All Gigabit Ethernet ports on these modules have SC-type connectors for multimode fiber (MMF) or single-mode fiber (SMF). Designed for a wide range of Gigabit Ethernet applications, the 16-port Gigabit Ethernet modules are available in a variety of interfaces: small form factor MT-RJ connectors, SX, LX/LH, and ZX GBICs, and RJ-45 connectors for Category 5 copper cabling.
Figure 1: 16-Port 10/100/1000 BASE-T Module (WS-X6516-GE-TX)
Switch Fabric-Enabled Modules for the Catalyst 6500 Series

The Catalyst 6500 series is scalable to 256 Gbps of switching bandwidth using a cross-bar switching fabric architecture. New fabric-enabled Gigabit Ethernet modules support the 256-Gbps platform, delivering a new level of system performance for gigabit switching. Up to 176 fabric-enabled Gigabit Ethernet ports can be supported in a single 13-slot chassis. Designed to meet the growing demand of gigabit switching applications in both the enterprise and service-provider networks, a wide range of 16-port fabric-enabled Gigabit Ethernet modules are available for the Catalyst 6500 series 256-Gbps platform. These fabric-enabled gigabit modules come with either single or dual interfaces to the switching fabric with centralized or distributed
forwarding capabilities, providing excellent scalability and performance. These fabric-enabled gigabit modules all support the GBIC interfaces (SX, LX/LH, and ZX), or Category 5 RJ-45 copper interfaces, providing further flexibility in system design.

The Catalyst 6500 series 256-Gbps platform supports hardware-based Cisco Express Forwarding (CEF), as well as distributed CEF for maximum control-plane and forwarding performance. This is ideally suited for gigabit switching applications such as e-commerce, Web hosting, and content delivery in enterprise and service-provider networks. All fabric-enabled Gigabit Ethernet modules can support distributed forwarding. For those modules utilizing centralized forwarding, the distributed-forwarding capabilities can be added later via a daughter-card field upgrade, providing maximum system flexibility and scalability.

Figure 5: 16-port Fabric-Enabled GBIC-based Gigabit Ethernet Module, Single Fabric Interface (WS-X6516-GBIC)
Figure 7: 16-port Fabric-Enabled GBIC-based Gigabit Ethernet Module with Distributed Forwarding, Dual Fabric Interfaces (WS-X6816-GBIC)
Key Features and Benefits

Computer networks have evolved into mission-critical resources that span a wide variety of industries and geographic distances. Networks are now a tool for supporting critical applications such as supply chain management, training, HR activities, and e-commerce. These usage trends have led to the evolution of networks to span greater distances, to interconnect functions within the same organization, partners, and customers. As distance requirements have grown, the Catalyst 6500 Series continues to increase its value by providing support for advanced network services and local-area network (LAN), metropolitan-area network (MAN), and wide-area network (WAN) interfaces in a variety of configurations.
As networks continue to provision higher bandwidth applications, the Catalyst 6500 Series maximizes scalability by enabling enhanced services without compromising performance. The switch fabric modules utilize a crossbar architecture to deliver 256-Gbps total capacity with a high-speed point-to-point connection to each line card. This provides a mechanism to forward packets between all point-to-point connections between the slots simultaneously. Many ports can thus be simultaneously transmitting and receiving data, providing much higher aggregate throughput (see Figure 3).

Figure 3: Connection between Crossbar Fabrics and Linecards in a Redundant Configuration
The new Switch Fabric Module 2 (WS-X6500-SFM2) is supported in all Catalyst 6500 Series products, while the Switch Fabric Module (WS-C6500-SFM) is supported in the Catalyst 6506 and Catalyst 6509. The new Switch Fabric Module 2 can be used in slots 7 or 8 in the Catalyst 6513. The new Switch Fabric Module 2 and the Switch Fabric Module can be used in either slot 5 or 6 in the Catalyst 6506 and Catalyst 6509.

High Availability

Two switch fabric modules can be configured in a system for high availability. When installed in a redundant configuration, failover time between fabrics is a few seconds and the full system bandwidth of 256 Gbps remains available even following the failure of the active switch fabric module. This minimizes the impact of outages to preserve high availability of mission-critical applications in different network environments. In a single switch fabric module configuration with modules supporting both bus and fabric interfaces, the system can fail over to the 32-Gbps backplane bus if the switch fabric module fails, providing a highly available platform to host mission-critical applications.

Scalable Performance

When populated with a switch fabric module, a Supervisor Engine 2 with Multilayer Switch Feature Card (MSFC) 2, and fabric-enabled line cards, a Catalyst 6500 chassis can perform centralized Layer 2 and Layer 3 switching at 30 Mpps. When equipped with a Distributed Forwarding Card (DFC), each fabric-enabled card can perform localized switching and increases total system performance up to 210 Mpps. This allows the Catalyst 6500 Series to significantly scale performance while continuing to enable a host of advanced network services.
This industry-leading performance, combined with the host of advanced network services and wide array of interfaces to support LAN/MAN/WAN connectivity, enables the Catalyst 6500 Series to deliver premier end-to-end solutions for large-scale enterprise and service provider applications.

Figure: Traffic Flow between Two Fabric-Enabled Cards

Intelligent Services

Growing emphasis and reliance by enterprises upon high-bandwidth applications such as streaming data, audio and video has led to an increase in multicast traffic. As high-bandwidth access to homes becomes universal, there will also be an increasing demand for video streaming applications hosted by service providers. This makes it imperative that networking equipment for both service providers and enterprises incorporates features to forward multicast traffic at wire rate. The switch fabric modules incorporate built-in capabilities to handle multicast in an optimal fashion. The switch fabric modules use highly efficient packet forwarding for unicast, broadcast, and multicast traffic. The switch fabric modules use a 3X overspeed architecture to handle multidestination traffic. This architecture, coupled with multicast replication performed in hardware on the Supervisor Engine and distributed switching line cards, allows service providers and
enterprises to deploy high-bandwidth interactive and broadcast video applications without any performance penalty.

Flexible Migration Options

Investment Protection

The switch fabric modules offer full investment protection to existing customers by providing a migration path that allows a gradual transition to the new architecture. All existing line cards can be inserted in the same chassis as the switch fabric module, allowing customers to gain increased benefits of the new architecture while using existing cards. This compatibility enables customers to continue to use the diverse interface types offered in the current solution and begin to deploy the new fabric-enabled cards for performance enhancement through distributed forwarding and increased bandwidth.

Low Cost of Ownership

The switch fabric modules facilitate a scalable, high performance, and intelligent network architecture that allows line cards to be intermixed in Catalyst 6500 Series systems to provide maximum investment protection while reducing the total cost of ownership to the customer.
Key Benefits

Scalable Performance for Service Providers and Enterprises

The DFC works in conjunction with the Switch Fabric Module, Supervisor Engine 2 with Multilayer Switch Feature Card (MSFC) 2, and fabric-enabled cards (cards with a connection to the Switch Fabric Module) to provide a framework for distributed Cisco Express Forwarding (CEF)-based
forwarding architecture. Supervisor IOS is required to support distributed forwarding, which is not supported via Catalyst OS. While classic line cards cannot directly participate in distributed forwarding, CEF capabilities can still be utilized based on the centralized capabilities offered by Supervisor Engine 2. Although CEF is a Layer 3 forwarding mechanism, the Catalyst 6500 series solution also uses a similar centralized and distributed mechanism for Layer 2 forwarding. This card is available as a field-upgradable option on most of the new fabric-enabled line cards if one is not already installed. Please refer to the Data Sheet for Gigabit Ethernet Cards on the Catalyst 6000 page: http://www.cisco.com/go/6000.

CEF is a scalable, distributed, Layer 3 mechanism that allows the Catalyst 6000 family to meet the dynamic requirements of service-provider and enterprise networks. This technology first evolved to accommodate a large number of short-duration flows resulting from Web-based and interactive applications. Service providers and large enterprises tend to have a large number of flows due to Web-hosting and e-commerce applications, and they are the biggest beneficiaries of this technology.

In a traditional flow-based system, a cache is created using the routing table when the first packet of the flow arrives. All subsequent packets in the flow use the cached entry. This is an efficient mechanism when network conditions are relatively static, and when many different flows are destined for the same destination. The cached entries are kept current as they are aged out or when network topology changes occur.

Scalable Control-Plane Performance

In a dynamically changing environment, as is prevalent on the Internet, a CEF or Forwarding Information Base (FIB)-based mechanism is best used to avoid a continuous cache churn.
The FIB table essentially mirrors the routing table and eliminates the need to maintain a cache table except for accounting purposes. This mechanism is also inherently less CPU intensive than a cache-based mechanism. In a distributed CEF (dCEF) environment, as implemented in the Catalyst 6000 family, a copy of the FIB is downloaded to each card, thereby allowing the switching performance of the switch to scale to over 100 Mpps. Pushing forwarding decisions to each line card also relieves the MSFC2 of any switching decisions, leaving the CPU free to perform routing functions, management, network services, and so on.

The DFC replicates Layer 2 and 3 forwarding logic in hardware as well as a bus on each line card; it is capable of a minimum of 15 Mpps of local switching. On a line card with a single serial connection to the fabric, packets switched between two ports will be directly forwarded via the local forwarding logic. On a line card with dual channel connections to the fabric, traffic between two ports would either be locally switched or transmitted across the fabric using local forwarding logic, but it will never have to be centrally switched via the supervisor.

Line cards that are DFC enabled are capable of making forwarding decisions locally. This enables traffic flows to occur in parallel between line cards, without being limited by centralized forwarding scalability. If there is a mixture of classic and new fabric-enabled line cards in the system, the frame will be switched centrally by the supervisor if there is a flow between classic and fabric-enabled cards. But if the flow is between two fabric-enabled cards with distributed forwarding, even when there is a classic card in the chassis, the packet will be directly switched between cards without going through the supervisor.
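The two lookup models described above, as an added Python example (not Cisco code and not part of the original data sheet): a destination-keyed flow cache that is filled on the first packet and flushed on a topology change, beside a FIB that mirrors the routing table and answers every packet by longest-prefix match. The prefixes, next-hop names and traffic mix are constructed for illustration.

```python
import ipaddress


class Fib:
    """Forwarding table that mirrors the routing table (longest-prefix match)."""

    def __init__(self, routes):
        self.routes = {}
        for prefix, next_hop in routes.items():
            self.install(prefix, next_hop)

    def install(self, prefix, next_hop):
        # A routing change is a single table update; nothing is invalidated.
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.routes if addr in net]
        if not matches:
            return None  # no covering route
        return self.routes[max(matches, key=lambda net: net.prefixlen)]


class FlowCache:
    """Traditional flow-based forwarding: the first packet to a destination
    takes the slow path through the routing table and installs a cache entry."""

    def __init__(self, routing_table):
        self.routing_table = routing_table
        self.cache = {}
        self.slow_path_lookups = 0

    def forward(self, dst):
        if dst not in self.cache:
            self.slow_path_lookups += 1
            self.cache[dst] = self.routing_table.lookup(dst)
        return self.cache[dst]

    def topology_change(self, prefix, next_hop):
        # Cached entries may now be stale, so the whole cache is flushed
        # and every active flow goes back through the slow path.
        self.routing_table.install(prefix, next_hop)
        self.cache.clear()


def simulate(flows_per_subnet=100, packets_per_flow=3):
    """Replay many short flows twice, with one route change in between."""
    routes = {"10.0.0.0/8": "core", "10.1.0.0/16": "dist-a", "10.2.0.0/16": "dist-b"}
    dests = [f"10.{subnet}.{h // 250}.{h % 250 + 1}"
             for subnet in (1, 2) for h in range(flows_per_subnet)]
    cache = FlowCache(Fib(routes))
    fib = Fib(routes)
    packets = mismatches = 0
    for epoch in range(2):
        if epoch == 1:  # constructed topology change between the two passes
            cache.topology_change("10.2.0.0/16", "dist-c")
            fib.install("10.2.0.0/16", "dist-c")
        for dst in dests:
            for _ in range(packets_per_flow):
                packets += 1
                if cache.forward(dst) != fib.lookup(dst):
                    mismatches += 1
    return {
        "packets": packets,
        "slow_path_lookups": cache.slow_path_lookups,
        "mismatches": mismatches,
        "next_hop_after_change": fib.lookup("10.2.0.5"),
    }


if __name__ == "__main__":
    print(simulate())
```

Both models forward identically; the difference is that the cache pays one slow-path lookup per destination and pays it again after every topology change, which is the cache churn the FIB avoids.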
This card is an essential component in enhancing scalability of the Catalyst 6000 family because, with each individual card performing local switching, the total forwarding performance of the switch reaches 100 Mpps.

Distributed Intelligent Network Services

The central FIB is downloaded to each line card equipped with a DFC, allowing switching decisions to be fully distributed (see Figure 2). The DFC maintains the most recent FIB and adjacency tables for Layer 2 and 3 forwarding. In a dynamic routing environment, like a service-provider backbone, the routing changes are automatically downloaded to each card, thereby providing accurate routing. It also contains the logic to perform enhanced security services in hardware, so there is no performance penalty for using features such as policy-based routing (PBR), extended and reflexive access control lists (ACLs), unicast Reverse Path Forwarding (RPF), and transmission control protocol
(TCP) intercept. This is especially useful in e-commerce and Web-hosting applications where security and protection of servers and Web content is a key concern.

Figure 2: Local Forwarding via Distributed Forwarding Card
An MSFC2 is essential for creating the central FIB and hence must be configured in the chassis to enable CEF as well as distributed forwarding. Because a replica of the central FIB must be downloaded onto the line card, it offers the same DRAM options as the MSFC2. The DFC ships with 128 MB of DRAM and offers 256- and 512-MB upgrade options. The DRAM option required on the DFC depends on the route table size and the amount of DRAM on the MSFC2, to ensure that the local line card is able to store the entire FIB located on Supervisor Engine 2. A failure to synchronize all FIBs would lead to conflicting forwarding information and may lead to problems. The memory requirements for the FIB are listed in the table below:

Table 1 Memory Requirements

Product               Route Table Size        Route Table Size        Route Table Size
                      FLM: 50K, VLSM: 32K     FLM: 150K, VLSM: 64K    FLM: 250K, VLSM: 150K
Supervisor Engine 2   128MB                   256MB                   512MB
MSFC2                 128MB                   256MB                   512MB
DFC                   128MB                   128MB                   256MB
Even though this distributed FIB mechanism does not require a cache to forward packets, a NetFlow table is still created and maintained for accounting purposes. Each line card will have a NetFlow table that can be exported as flows are aged out. Service-provider networks often utilize the NetFlow Data Export mechanism to keep track of the customer packet flows for billing and accounting purposes. In addition to providing performance scalability, DFC also helps scale control-plane
performance because, instead of cache maintenance, CPU cycles can now be used for routing and enhanced services, intelligent services like IOS-Server Load balancing (IOS-SLB) and management.

Investment Protection

The DFC also provides full investment protection by giving customers the option to install this feature card as a field-replaceable unit in most cases. This also offers modularity in price because customers do not need to upgrade if the functionality is not required. The Catalyst 6500 series continues to offer full support for not only the new fabric-enabled line cards, but also the classic line cards, and line cards equipped with the DFC. These line cards may be intermixed within a single chassis to provide maximum flexibility and investment protection.

Line-Card Support

Line cards currently supporting distributed forwarding via this card are listed below:

Table 2 Distributed Forwarding Capable Line Cards
Columns: Switch Fabric Enabled, Switch Fabric Interface, Distributed Forwarding, Local Switching Performance
WS-X6516-GBIC: Yes, 15 Mpps
WS-X6816-GBIC: Yes, Yes, 24 Mpps
Software Requirements

A DFC is only supported in the Supervisor IOS mode and is not supported in Catalyst OS. To enable distributed forwarding, an MSFC2 and Supervisor IOS are both required. The software version required to support distributed forwarding is listed below:

Supervisor IOS Version 12.1(5) E
switched environments by integrating the IDS functionality directly into the switch and taking traffic right off the switch backplane, thus bringing both switching and security functionality into the same chassis.

Figure 1: Catalyst 6000 Intrusion Detection System Module
Organizations continue to deploy firewalls as their central gatekeepers to prevent unauthorized users from entering their networks. However, network security is in many ways similar to physical security in that no one technology serves all needs; rather, a layered defense provides the best results. Organizations are increasingly looking to additional security technologies to counter risk and vulnerability that firewalls alone cannot address. Intrusion detection systems provide around-the-clock network surveillance. They analyze the packet data streams within the network, searching for unauthorized activity, such as attacks by hackers, enabling users to respond immediately to security breaches. Using a physical analogy, IDS systems are equivalent to video cameras and motion sensors; they detect unauthorized or suspicious activity.

Cisco Systems, the worldwide leader in networking for the Internet, addresses the need for intrusion detection in switched local-area networks (LANs) with an integrated solution, the IDS module, in addition to the complete family of Cisco Secure IDS appliance sensors, for its award-winning, high-performance Catalyst 6000 switch series. The IDS module allows security and network administrators to monitor network traffic right off the switch backplane rather than using external IDS sensors connected to a switch SPAN port. This allows more granular access to the network traffic and overcomes some of the limitations that external IDS sensors connected to SPAN ports have. Similar to how the Cisco Secure IDS appliance sensors operate, the IDS module detects unauthorized activity traversing the network, such as attacks by hackers, and will send alarms to a management console with details of the detected event.
The security or network administrator specifies the network traffic that must be inspected by the IDS module using the Catalyst OS virtual LAN (VLAN) access control list (ACL) capture feature or SPAN functionality, allowing for very granular traffic monitoring. In addition, the IDS module can be managed and monitored by the same management console as the Cisco Secure IDS sensors, allowing customers to deploy both appliance sensors and the IDS module to monitor critical subnets throughout their enterprise network.

Application

Intrusion detection has become the fundamental enabling requirement for a successful content networking and web hosting architecture. The IDS module is designed specifically to provide security and network administrators the flexibility to monitor traffic flowing through their Catalyst 6000 family switches throughout the network. The IDS module can help identify denial of service attacks, including distributed denial of service (DDoS) attacks.
With the widest range of attack recognition, the IDS module provides a best-of-breed, real-time intrusion detection solution available in the industry today. Because of the type and volume of traffic at the network core, the IDS module is most effective in the distribution and access layers of the network.

Key Features and Benefits

The IDS module can be deployed in any Catalyst 6000 family chassis; it offers the following benefits:

- Part of a Cisco end-to-end solution: The IDS module is a necessary component to an effective, defense-in-depth security strategy to complement other deployed security mechanisms (for example, firewalls, encryption, and authentication).
- Integrated solution: This IDS module is completely integrated within the Catalyst 6000, occupying a single slot. This is particularly suited for deployments where rack space is at a premium. The IDS is also fully integrated into the Cisco Secure IDS management infrastructure for operational consistency and support.
- Transparent operation: The IDS module does not impact switch performance. It is a passive monitoring module that inspects copies of packets and is not in the switch-forwarding path.
- Investment protection: With the addition of the IDS module card to its portfolio, Cisco continues to demonstrate investment protection in its switched infrastructure. The IDS module enables customers to perform both security monitoring and switching functions within the same chassis.
- Real-time intrusion detection: The IDS module provides real-time, around-the-clock network surveillance. Designed to address the increased requirements for security visibility, denial-of-service protection, antihacking detection, and e-commerce business defenses, the IDS module monitors network traffic off the switch backplane and alarms on malicious or unauthorized activity.
- Comprehensive attack recognition/signature coverage: The IDS module detects a wide range of attacks, and the signature engine on the IDS module can be easily updated with new "hacker signatures" without any impact on the switch. The IDS module engine also includes sophisticated IP fragmentation reassembly intelligence.
- Ability to monitor multiple VLANs simultaneously: The IDS module can monitor traffic on multiple VLANs simultaneously (both ISL and 802.1q encoded) using either the VLAN ACL capture feature or SPAN functionality. The capability overcomes some of the traditional limitations of operating IDSs in switched environments.
- Low cost of ownership: The IDS module is simple to install, configure, and maintain. Because it is completely interoperable with other Cisco Secure IDS devices and management consoles, the IDS module is simply an extension of the classic switching environment and security operations framework.

Performance Summary

- Monitor 100 Mbps of traffic
- Approximately 47,000 packets per second, with a new flow arrival rate of 1000 per second

Catalyst Switch Platform Requirements

- Requires Catalyst Operating System Version 6.1(1) or higher (not supported in native Cisco IOS software)
- Policy feature card (PFC) required for VLAN ACL "capture" functionality
- Compatible with both Supervisor 1A and Supervisor 2 engines
- Not compatible with the crossbar switch fabric
- Compatible with both multilayer switch feature card (MSFC) and MSFC2, but not required

IDS Management Platforms (Required)

- Cisco Secure Policy Manager (CSPM) v2.2 and higher, or Cisco Secure Intrusion Detection Director
- Automatic allocation: DHCP assigns a permanent IP address to a client.
- Dynamic allocation: DHCP assigns an IP address to a client for a limited period of time (or until the client explicitly relinquishes the address).
- Manual allocation: The network administrator assigns an IP address to a client and DHCP is used simply to convey the assigned address to the client.

The format of DHCP messages is based on the format of Bootstrap Protocol (BOOTP) messages, which ensures support for BOOTP relay agent functionality and interoperability between BOOTP clients and DHCP servers. BOOTP relay agents eliminate the need for deploying a DHCP server on each physical network segment. BOOTP is explained in RFC 951, Bootstrap Protocol (BOOTP), and RFC 1542, Clarifications and Extensions for the Bootstrap Protocol.

DHCP Server Overview

The Cisco IOS DHCP server feature is a full DHCP server implementation that assigns and manages IP addresses from specified address pools within the router to DHCP clients. If the Cisco IOS DHCP server cannot satisfy a DHCP request from its own database, it can forward the request to one or more secondary DHCP servers defined by the network administrator.

Figure 14 shows the basic steps that occur when a DHCP client requests an IP address from a DHCP server. The client, Host A, sends a DHCPDISCOVER broadcast message to locate a Cisco IOS DHCP server. A DHCP server offers configuration parameters (such as an IP address, a MAC address, a domain name, and a lease for the IP address) to the client in a DHCPOFFER unicast message.

Figure 14: DHCP Request for an IP Address from a DHCP Server
Note: A DHCP client may receive offers from multiple DHCP servers and can accept any one of the offers; however, the client usually accepts the first offer it receives. Additionally, the offer from the DHCP server is not a guarantee that the IP address will be allocated to the client; however, the server usually reserves the address until the client has had a chance to formally request the address.

The client returns a formal request for the offered IP address to the DHCP server in a DHCPREQUEST broadcast message. The DHCP server confirms that the IP address has been allocated to the client by returning a DHCPACK unicast message to the client.

Note: The formal request for the offered IP address (the DHCPREQUEST message) that is sent by the client is broadcast so that all other DHCP servers that received the DHCPDISCOVER broadcast message from the client can reclaim the IP addresses that they offered to the client.

If the configuration parameters sent to the client in the DHCPOFFER unicast message by the DHCP server are invalid (a misconfiguration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server. The DHCP server will send to the client a DHCPNAK denial broadcast message, which means the offered configuration parameters have not been assigned, if an error has occurred during the negotiation of the parameters or the client has been slow in responding to the DHCPOFFER message of the DHCP server (the DHCP server assigned the parameters to another client).
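The exchange described above can be observed on the wire. The following Python sketch is an added example, not part of the original document and not Cisco code: it parses the BOOTP-format header and DHCP options, names each message in the exchange, and lists server messages (DHCPOFFER, DHCPACK, DHCPNAK) whose server identifier is not on an administrator-supplied list. The option codes 53 and 54 and the magic cookie come from the DHCP RFCs rather than this page; the transaction ID, MAC and IP addresses are constructed samples.

```python
import socket
import struct

# Fixed BOOTP header that DHCP reuses (RFC 951 layout), 236 bytes.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the DHCP options
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
SERVER_TYPES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


def build_message(msg_type, xid, mac, yiaddr="0.0.0.0", server_id=None):
    """Build a minimal DHCP payload; used only for the constructed samples."""
    op = 2 if MSG_TYPES[msg_type] in SERVER_TYPES else 1  # 1 = request, 2 = reply
    zero = b"\x00" * 4
    header = struct.pack(BOOTP_FMT, op, 1, 6, 0, xid, 0, 0, zero,
                         socket.inet_aton(yiaddr), zero, zero,
                         bytes.fromhex(mac.replace(":", "")), b"", b"")
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_id:
        options += bytes([OPT_SERVER_ID, 4]) + socket.inet_aton(server_id)
    return header + MAGIC_COOKIE + options + bytes([OPT_END])


def parse_dhcp(payload):
    """Parse a UDP payload into the fields needed to follow an exchange."""
    if len(payload) < BOOTP_LEN + 4 or payload[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (too short or no magic cookie)")
    (op, _htype, hlen, _hops, xid, _secs, _flags, _ciaddr, yiaddr,
     _siaddr, _giaddr, chaddr, _sname, _file) = struct.unpack(BOOTP_FMT, payload[:BOOTP_LEN])
    options, i = {}, BOOTP_LEN + 4
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated DHCP option %d" % code)
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    raw_type = options.get(OPT_MSG_TYPE)
    raw_server = options.get(OPT_SERVER_ID)
    return {
        "op": op,
        "xid": xid,
        "type": MSG_TYPES.get(raw_type[0], "unknown") if raw_type else "BOOTP",
        "client_mac": ":".join("%02x" % b for b in chaddr[:min(hlen, 16)]),
        "yiaddr": socket.inet_ntoa(yiaddr),
        "server_id": socket.inet_ntoa(raw_server) if raw_server and len(raw_server) == 4 else None,
    }


def unexpected_server_messages(payloads, authorised_servers):
    """Return (xid, server_id, type) for server messages from unlisted servers."""
    hits = []
    for payload in payloads:
        try:
            msg = parse_dhcp(payload)
        except ValueError:
            continue  # not DHCP or malformed; a real sensor would count these
        if msg["type"] in SERVER_TYPES and msg["server_id"] not in authorised_servers:
            hits.append((msg["xid"], msg["server_id"], msg["type"]))
    return hits


# Constructed exchange: one client, the expected server and a second responder.
XID, MAC = 0x3903F326, "00:0b:82:01:fc:42"
SAMPLE_EXCHANGE = [
    build_message(1, XID, MAC),
    build_message(2, XID, MAC, "10.10.0.50", "10.10.0.1"),
    build_message(2, XID, MAC, "192.168.7.20", "10.10.0.66"),
    build_message(3, XID, MAC, server_id="10.10.0.1"),
    build_message(5, XID, MAC, "10.10.0.50", "10.10.0.1"),
]

if __name__ == "__main__":
    for p in SAMPLE_EXCHANGE:
        print(parse_dhcp(p))
    print(unexpected_server_messages(SAMPLE_EXCHANGE, {"10.10.0.1"}))
```

Because the client usually accepts the first offer it receives, a second DHCPOFFER for the same transaction ID from an unlisted server identifier is the event worth alerting on.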
The Cisco IOS DHCP server feature offers the following benefits:

- Reduced Internet access costs: Using automatic IP address assignment at each remote site substantially reduces Internet access costs. Static IP addresses are considerably more expensive to purchase than are automatically allocated IP addresses.
- Reduced client configuration tasks and costs: Because DHCP is easy to configure, it minimizes operational overhead and costs associated with device configuration tasks and eases deployment by nontechnical users.
- Centralized management: Because the DHCP server maintains configurations for several subnets, an administrator only needs to update a single, central server when configuration parameters change.

Before you configure the Cisco IOS DHCP server feature, complete the following tasks:

- Identify an external File Transport Protocol (FTP), Trivial File Transfer Protocol (TFTP), or remote copy protocol (rcp) server that you will use to store the DHCP bindings database.
- Identify the IP addresses that you will enable the DHCP server to assign, and the IP addresses that you will exclude.
- Identify DHCP options for devices where necessary, including:
  o Default boot image name
  o Default router(s)
  o Domain Name System (DNS) server(s)
  o NetBIOS name server
- Decide on a NetBIOS node type (b, p, m, or h).
- Decide on a DNS domain name.

DHCP Configuration Task List

The DHCP server database is organized as a tree. The root of the tree is the address pool for natural networks, branches are subnetwork address pools, and leaves are manual bindings to clients. Subnetworks inherit network parameters and clients inherit subnetwork parameters. Therefore, common parameters, for example the domain name, should be configured at the highest (network or subnetwork) level of the tree.

Note: Inherited parameters can be overridden. For example, if a parameter is defined in both the natural network and a subnetwork, the definition of the subnetwork is used.
Address leases are not inherited. If a lease is not specified for an IP address, by default, the DHCP server assigns a one-day lease for the address. To configure the Cisco IOS DHCP server feature, first configure a database agent or disable conflict logging, then configure IP addresses that the DHCP server should not assign (excluded addresses)
and should assign (a pool of available IP addresses) to requesting clients. These configuration tasks are explained in the following sections. Each task in the following list is identified as required or optional.

- Configuring a DHCP Database Agent or Disabling DHCP Conflict Logging (Required)
- Excluding IP Addresses (Required)
- Configuring a DHCP Address Pool (Required)
- Configuring Manual Bindings (Optional)
- Configuring a DHCP Server Boot File (Optional)
- Configuring the Number of Ping Packets (Optional)
- Configuring the Timeout Value for Ping Packets (Optional)
- Enabling the Cisco IOS DHCP Server and Relay Agent Features (Optional)

Configuring a DHCP Database Agent or Disabling DHCP Conflict Logging

A DHCP database agent is any host (for example, an FTP, TFTP, or RCP server) that stores the DHCP bindings database. You can configure multiple DHCP database agents and you can configure the interval between database updates and transfers for each agent. To configure a database agent and database agent parameters, use the following command in global configuration mode:

Command: Router(config)# ip dhcp database url [timeout seconds | write-delay seconds]
Purpose: Configures the database agent and the interval between database updates and database transfers.
If you choose not to configure a DHCP database agent, disable the recording of DHCP address conflicts on the DHCP server. To disable DHCP address conflict logging, use the following command in global configuration mode:

Command: Router(config)# no ip dhcp conflict logging
Purpose: Disables DHCP address conflict logging.
Excluding IP Addresses

The DHCP server assumes that all IP addresses in a DHCP address pool subnet are available for assigning to DHCP clients. You must specify the IP address that the DHCP server should not assign to clients. To do so, use the following command in global configuration mode:
Purpose: Specifies the IP addresses that the DHCP server should not assign to DHCP clients.
Configuring a DHCP Address Pool

You can configure a DHCP address pool with a name that is a symbolic string (such as "engineering") or an integer (such as 0). Configuring a DHCP address pool also places you in DHCP pool configuration mode, identified by the (config-dhcp)# prompt, from which you can configure pool parameters (for example, the IP subnet number and default router list). To configure a DHCP address pool, complete the required tasks in the following sections.

Configuring the DHCP Address Pool Name and Entering DHCP Pool Configuration Mode

To configure the DHCP address pool name and enter DHCP pool configuration mode, use the following command in global configuration mode:
Purpose: Creates a name for the DHCP server address pool and places you in DHCP pool configuration mode (identified by the config-dhcp# prompt).
Configuring the DHCP Address Pool Subnet and Mask

To configure a subnet and mask for the newly created DHCP address pool, which contains the range of available IP addresses that the DHCP server may assign to clients, use the following command in DHCP pool configuration mode:

Command: Router(config-dhcp)# network network-number [mask | /prefix-length]
Purpose: Specifies the subnet network number and mask of the DHCP address pool. The prefix length specifies the number of bits that comprise the address prefix. The prefix is an alternative way of specifying the network mask of the client. The prefix length must be preceded by a forward slash (/).
Note: You cannot configure manual bindings within the same pool that is configured with the network command. To configure manual bindings, see the "Configuring Manual Bindings" section.
Configuring the Domain Name for the Client
The domain name for a DHCP client places the client in the general grouping of networks that make up the domain. To configure a domain name string for the client, use the following command in DHCP pool configuration mode:
Command: Router(config-dhcp)# domain-name domain
Purpose: Specifies the domain name for the client.
Configuring the Domain Name System IP Servers for the Client
DHCP clients query DNS IP servers when they need to correlate host names to IP addresses. To configure the DNS IP servers that are available to a DHCP client, use the following command in DHCP pool configuration mode:
Command: Router(config-dhcp)# dns-server address [address2 ... address8]
Purpose: Specifies the IP address of a DNS server that is available to a DHCP client. One IP address is required; however, you can specify up to eight IP addresses in one command line.
Configuring the NetBIOS Windows Internet Naming Service IP Servers for the Client
Windows Internet Naming Service (WINS) is a name resolution service that Microsoft DHCP clients use to correlate host names to IP addresses within a general grouping of networks. To configure the NetBIOS WINS servers that are available to a Microsoft DHCP client, use the following command in DHCP pool configuration mode:
Command: Router(config-dhcp)# netbios-name-server address [address2 ... address8]
Purpose: Specifies the NetBIOS WINS server that is available to a Microsoft DHCP client. One address is required; however, you can specify up to eight addresses in one command line.
Configuring the NetBIOS Node Type for the Client
The NetBIOS node type for Microsoft DHCP clients can be one of four settings: broadcast, peer-to-peer, mixed, or hybrid. To configure the NetBIOS node type for a Microsoft DHCP client, use the following command in DHCP pool configuration mode:
Command: Router(config-dhcp)# netbios-node-type type
Purpose: Specifies the NetBIOS node type for a Microsoft DHCP client.
Configuring the Default Router for the Client
After a DHCP client has booted, the client begins sending packets to its default router. The IP address of the default router should be on the same subnet as the client. To configure a default router for a DHCP client, use the following command in DHCP pool configuration mode:
Command: Router(config-dhcp)# default-router address [address2 ... address8]
Purpose: Specifies the IP address of the default router for a DHCP client. One IP address is required, although you can specify up to eight addresses in one command line.
Configuring the Address Lease Time
By default, each IP address assigned by a DHCP server comes with a one-day lease, which is the amount of time that the address is valid. To change the lease value for an IP address, use the following command in DHCP pool configuration mode:
Command: Router(config-dhcp)# lease {days [hours][minutes] | infinite}
Purpose: Specifies the duration of the lease. The default is a one-day lease.
Configuring Manual Bindings
An address binding is a mapping between the IP address and MAC address of a client. The IP address of a client can be assigned manually by an administrator or assigned automatically from a pool by a DHCP server.
Manual bindings are IP addresses that have been manually mapped to the MAC addresses of hosts that are found in the DHCP database. Manual bindings are stored in NVRAM on the DHCP server. Manual bindings are just special address pools. There is no limit on the number of manual bindings but you can only configure one manual binding per host pool.
Automatic bindings are IP addresses that have been automatically mapped to the MAC addresses of hosts that are found in the DHCP database. Automatic bindings are stored on a remote host called a database agent. The bindings are saved as text records for easy maintenance.
To configure a manual binding, first create a host pool, then specify the IP address of the client and hardware address or client identifier. The hardware address is the MAC address. The client identifier, which is required for Microsoft clients (instead of hardware addresses), is formed by concatenating the media type and the MAC address of the client. Refer to the "Address Resolution Protocol Parameters" section of RFC 1700, Assigned Numbers, for a list of media type codes.
To configure manual bindings, use the following commands beginning in global configuration mode:
Step 1
Command: Router(config)# ip dhcp pool name
Purpose: Creates a name for a DHCP server address pool and places you in DHCP pool configuration mode, identified by the (config-dhcp)# prompt.
Step 2
Command: Router(config-dhcp)# host address [mask | /prefix-length]
Purpose: Specifies the IP address and subnet mask of the client. The prefix length specifies the number of bits that comprise the address prefix. The prefix is an alternative way of specifying the network mask of the client. The prefix length must be preceded by a forward slash (/).
Step 3
Command: Router(config-dhcp)# hardware-address hardware-address type
or
Router(config-dhcp)# client-identifier unique-identifier
Purpose: Specifies a hardware address for the client. Specifies the distinct identification of the client in dotted-hexadecimal notation, for example, 01b7.0813.8811.66, where 01 represents the Ethernet media type.
Step 4
Purpose: (Optional) Specifies the name of the client using any standard ASCII character. The client name should not include the domain name. For example, the name mars should not be specified as mars.cisco.com.
Configuring a DHCP Server Boot File
The boot file is used to store the boot image for the client. The boot image is generally the operating system the client uses to load. To specify a boot file for the DHCP client, use the following command in DHCP pool configuration mode:
Command: Router(config-dhcp)# bootfile filename
Purpose: Specifies the name of the file that is used as a boot image.
Configuring the Number of Ping Packets
By default, the DHCP server pings a pool address twice before assigning the address to a requesting client. If the ping is unanswered, the DHCP server assumes (with a high probability) that the address is not in use and assigns the address to the requesting client. To change the number of ping packets the DHCP server should send to the pool address before assigning the address, use the following command in global configuration mode:
Command: Router(config)# ip dhcp ping packets number
Purpose: Specifies the number of ping packets the DHCP server sends to a pool address before assigning the address to a requesting client. The default is two packets.
Configuring the Timeout Value for Ping Packets
By default, the DHCP server waits 500 milliseconds before timing out a ping packet. To change the amount of time the server waits, use the following command in global configuration mode:
Command: Router(config)# ip dhcp ping timeout milliseconds
Purpose: Specifies the amount of time the DHCP server must wait before timing out a ping packet. The default is 500 milliseconds.
Enabling the Cisco IOS DHCP Server and Relay Agent Features
By default, the Cisco IOS DHCP server and relay agent features are enabled on your router. To reenable these features if they are disabled, use the following command in global configuration mode:
Command: Router(config)# service dhcp
Purpose: Enables the Cisco IOS DHCP server and relay features on your router. Use the no form of this command to disable the Cisco IOS DHCP server and relay features.
Monitoring and Maintaining the DHCP Server
To clear DHCP server variables, use the following commands in privileged EXEC mode, as needed:
Command: Router# clear ip dhcp binding address | *
Purpose: Deletes an automatic address binding from the DHCP database. Specifying address clears the automatic binding for a specific (client) IP address, whereas
Purpose: Clears an address conflict from the DHCP database. Specifying address clears the conflict for a specific IP address whereas specifying an asterisk (*) clears conflicts for all addresses.
To enable DHCP server debugging, use the following command in privileged EXEC mode:
Command: Router# debug ip dhcp server {events | packets | linkage}
Purpose: Enables debugging on the DHCP server.
To display DHCP server information, use the following commands in EXEC mode, as needed:
Command: Router> show ip dhcp binding [address]
Purpose: Displays a list of all bindings created on a specific DHCP server.
Command: Router> show ip dhcp conflict [address]
Purpose: Displays a list of all address conflicts recorded by a specific DHCP server.
Command: Router# show ip dhcp database [url]
Purpose: Displays recent activity on the DHCP database. Note: Use this command in privileged EXEC mode.
Command: Router> show ip dhcp server statistics
Purpose: Displays count information about server statistics and messages sent and received.
Configuration Examples
This section provides the following configuration examples:
DHCP Database Agent Configuration Example
DHCP Address Pool Configuration Example
Manual Bindings Configuration Example

DHCP Database Agent Configuration Example
The following example stores bindings on host 172.16.4.253. The file transfer protocol is FTP. The server should wait 2 minutes (120 seconds) before writing database changes.

ip dhcp database ftp://user:password@172.16.4.253/router-dhcp write-delay 120

DHCP Address Pool Configuration Example
In the following example, three DHCP address pools are created: one in network 172.16.0.0, one in subnetwork 172.16.1.0, and one in subnetwork 172.16.2.0. Attributes from network 172.16.0.0, such as the domain name, DNS server, NetBIOS name server, and NetBIOS node type, are inherited in subnetworks 172.16.1.0 and 172.16.2.0. In each pool, clients are granted 30-day leases and all addresses in each subnetwork, except the excluded addresses, are available to the DHCP server for assigning to clients. Table 5 lists the IP addresses for the devices in three DHCP address pools.
ip dhcp database ftp://user:password@172.16.4.253/router-dhcp write-delay 120
ip dhcp excluded-address 172.16.1.100 172.16.1.103
ip dhcp excluded-address 172.16.2.100 172.16.2.103
!
ip dhcp pool 0
 network 172.16.0.0 /16
 domain-name cisco.com
 dns-server 172.16.1.102 172.16.2.102
 netbios-name-server 172.16.1.103 172.16.2.103
 netbios-node-type h-node
!
ip dhcp pool 1
 network 172.16.1.0 /24
 default-router 172.16.1.100 172.16.1.101
 lease 30
!
ip dhcp pool 2
 network 172.16.2.0 /24
 default-router 172.16.2.100 172.16.2.101
 lease 30

Manual Bindings Configuration Example
The following example creates a manual binding for a client named Mars.cisco.com. The MAC address of the client is 02c7.f800.0422 and the IP address of the client is 172.16.2.254.

ip dhcp pool Mars
 host 172.16.2.254
 hardware-address 02c7.f800.0422 ieee802
 client-name Mars

Because attributes are inherited, the previous configuration is equivalent to the following:

ip dhcp pool Mars
 host 172.16.2.254 mask 255.255.255.0
 hardware-address 02c7.f800.0422 ieee802
 client-name Mars
 default-router 172.16.2.100 172.16.2.101
 domain-name cisco.com
 dns-server 172.16.1.102 172.16.2.102
 netbios-name-server 172.16.1.103 172.16.2.103
 netbios-node-type h-node
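Added example (not part of the original document or of Cisco IOS): a Python sketch that resolves the attribute inheritance described above, so that the settings a pool or manual binding actually hands out can be checked when reviewing a configuration. The function names parse_pools and effective are hypothetical, and the rule that lease and network are not inherited is an assumption taken from the page's expanded Mars pool.

```python
import ipaddress
import re

# The page's example pools, one command per line (Mars is the manual binding).
CONFIG = """\
ip dhcp pool 0
 network 172.16.0.0 /16
 domain-name cisco.com
 dns-server 172.16.1.102 172.16.2.102
 netbios-name-server 172.16.1.103 172.16.2.103
 netbios-node-type h-node
ip dhcp pool 1
 network 172.16.1.0 /24
 default-router 172.16.1.100 172.16.1.101
 lease 30
ip dhcp pool 2
 network 172.16.2.0 /24
 default-router 172.16.2.100 172.16.2.101
 lease 30
ip dhcp pool Mars
 host 172.16.2.254
 hardware-address 02c7.f800.0422 ieee802
 client-name Mars
"""

def parse_pools(text):
    """Return {pool name: {keyword: arguments}} for each 'ip dhcp pool' block."""
    pools = {}
    # A pool block is its header line plus the indented lines that follow it.
    for name, body in re.findall(r"^ip dhcp pool (\S+)\n((?: .*\n)*)", text, re.M):
        pools[name] = dict(line.strip().partition(" ")[::2] for line in body.splitlines())
    return pools

def effective(name, pools):
    """Attributes a pool ends up with after inheriting from enclosing networks."""
    own = pools[name]
    addr = ipaddress.ip_address((own.get("host") or own["network"]).split()[0])
    nets = [(ipaddress.ip_network("/".join(p["network"].replace("/", "").split())), p)
            for p in pools.values() if "network" in p]
    merged = {}
    for net, attrs in sorted(nets, key=lambda item: item[0].prefixlen):
        if addr in net:  # least specific first, so closer pools override
            merged.update(attrs, mask=str(net.netmask))
    # Assumption: network and lease are not inherited; the page's expanded Mars pool lists neither.
    inherited = {k: v for k, v in merged.items() if k not in ("network", "lease")}
    return {**inherited, **own}
```

Calling effective("Mars", parse_pools(CONFIG)) returns the same attributes as the expanded Mars pool shown above.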